From 095592c9394040bcf3e113f1cba395c4176c4140 Mon Sep 17 00:00:00 2001 
From: Marco Mader <46554982+DTMad@users.noreply.github.com> Date: Fri, 9 Apr 2021 15:40:47 +0200 Subject: [PATCH] Reorder manifest files to keep the structure similar to operator repo (#90) * Reorder manifest files to keep the structure similar to operator repository --- .../chart/dynatrace-operator/Chart.yaml | 4 +- .../templates/Common/deployment-operator.yaml | 4 +- .../templates/application.yaml | 2 +- .../templates/configmap.yaml | 1523 ++++++++++++++++- .../chart/dynatrace-operator/values.yaml | 24 +- .../schema.yaml | 12 +- dynatrace-operator/Chart.yaml | 4 +- dynatrace-operator/README.md | 5 + dynatrace-operator/questions.yml | 206 ++- .../clusterrole-kubernetes-monitoring.yaml | 0 ...sterrolebinding-kubernetes-monitoring.yaml | 0 .../role-kubernetes-monitoring.yaml | 0 .../rolebinding-kubernetes-monitoring.yaml | 0 .../serviceaccount-kubernetes-monitoring.yaml | 0 .../{ => operator}/clusterrole-operator.yaml | 11 - .../clusterrolebinding-operator.yaml | 0 .../operator}/role-operator.yaml | 2 - .../{ => operator}/rolebinding-operator.yaml | 0 .../Common/podsecuritypolicy-operator.yaml | 48 - .../{Routing => routing}/role-routing.yaml | 0 .../rolebinding-routing.yaml | 0 .../serviceaccount-routing.yaml | 2 +- .../templates/Common/secret.yaml | 2 + .../{ => webhook}/clusterrole-webhook.yaml | 0 .../clusterrolebinding-webhook.yaml | 0 .../{ => webhook}/deployment-webhook.yaml | 0 .../mutatingwebhookconfiguration.yaml | 0 .../webhook}/role-webhook.yaml | 0 .../{ => webhook}/rolebinding-webhook.yaml | 0 .../Common/{ => webhook}/service.yaml | 0 ...dsecuritypolicy-kubernetes-monitoring.yaml | 0 ...dsecuritypolicy-oneagent-unprivileged.yaml | 2 +- .../podsecuritypolicy-oneagent.yaml | 2 +- .../role-oneagent-unprivileged.yaml | 0 .../{ => oneagent}/role-oneagent.yaml | 0 .../rolebinding-oneagent-unprivileged.yaml | 0 .../{ => oneagent}/rolebinding-oneagent.yaml | 0 .../serviceaccount-oneagent-unprivileged.yaml | 2 + .../oneagent}/serviceaccount-oneagent.yaml | 2 + 
.../operator}/deployment-operator.yaml | 2 + .../podsecuritypolicy-operator.yaml | 0 .../serviceaccount-operator.yaml | 0 .../podsecuritypolicy-routing.yaml | 0 .../podsecuritypolicy-webhook.yaml | 0 .../{ => webhook}/serviceaccount-webhook.yaml | 0 ...curitycontextconstraints-unprivileged.yaml | 2 +- .../securitycontextconstraints.yaml | 2 +- .../serviceaccount-oneagent-unprivileged.yaml | 0 .../serviceaccount-oneagent.yaml | 0 .../{ => operator}/deployment-operator.yaml | 0 .../serviceaccount-operator.yaml | 0 .../templates/Openshift/role-operator.yaml | 163 -- .../Openshift/{ => webhook}/role-webhook.yaml | 0 .../{ => webhook}/serviceaccount-webhook.yaml | 0 ...lusterrole-kubernetes-monitoring_test.yaml | 49 - .../Common/Routing/role-routing_test.yaml | 25 + .../Routing/rolebinding-routing_test.yaml | 26 + .../Routing/serviceaccount-routing_test.yaml | 2 +- ...lusterrole-kubernetes-monitoring_test.yaml | 54 + ...olebinding-kubernetes-monitoring_test.yaml | 2 +- .../role-kubernetes-monitoring_test.yaml | 2 +- ...olebinding-kubernetes-monitoring_test.yaml | 2 +- ...iceaccount-kubernetes-monitoring_test.yaml | 2 +- .../clusterrole-operator_test.yaml | 16 +- .../clusterrolebinding-operator_test.yaml | 2 +- .../operator}/role-operator_test.yaml | 15 +- .../rolebinding-operator_test.yaml | 2 +- .../podsecuritypolicy-operator_test.yaml | 44 - .../Common/routing/role-routing_test.yaml | 25 + .../routing/rolebinding-routing_test.yaml | 26 + .../routing/serviceaccount-routing_test.yaml | 16 + .../clusterrole-webhook_test.yaml | 2 +- .../clusterrolebinding-webhook_test.yaml | 2 +- .../deployment-webhook_test.yaml | 2 +- .../mutatingwebhookconfiguration_test.yaml | 2 +- .../webhook}/role-webhook_test.yaml | 2 +- .../rolebinding-webhook_test.yaml | 2 +- .../Common/{ => webhook}/service_test.yaml | 2 +- ...ritypolicy-kubernetes-monitoring_test.yaml | 2 +- ...ritypolicy-oneagent-unprivileged_test.yaml | 4 +- .../podsecuritypolicy-oneagent_test.yaml | 4 +- 
.../role-oneagent-unprivileged_test.yaml | 2 +- .../{ => oneagent}/role-oneagent_test.yaml | 2 +- ...olebinding-oneagent-unprivileged_test.yaml | 2 +- .../rolebinding-oneagent_test.yaml | 2 +- ...iceaccount-oneagent-unprivileged_test.yaml | 2 +- .../serviceaccount-oneagent_test.yaml | 2 +- .../operator}/deployment-operator_test.yaml | 2 +- .../podsecuritypolicy-operator_test.yaml | 2 +- .../serviceaccount-operator_test.yaml | 2 +- .../podsecuritypolicy-routing_test.yaml | 2 +- .../podsecuritypolicy-webhook_test.yaml | 2 +- .../serviceaccount-webhook_test.yaml | 2 +- ...ycontextconstraints-unprivileged_test.yaml | 4 +- .../securitycontextconstraints_test.yaml | 4 +- ...iceaccount-oneagent-unprivileged_test.yaml | 2 +- .../serviceaccount-oneagent_test.yaml | 2 +- .../deployment-operator_test.yaml | 2 +- .../serviceaccount-operator_test.yaml | 2 +- .../tests/Openshift/role-operator_test.yaml | 167 -- .../{ => webhook}/role-webhook_test.yaml | 9 +- .../serviceaccount-webhook_test.yaml | 2 +- dynatrace-operator/values.yaml | 2 +- 103 files changed, 1946 insertions(+), 634 deletions(-) rename dynatrace-operator/templates/Common/{KubernetesMonitoring => kubernetes-monitoring}/clusterrole-kubernetes-monitoring.yaml (100%) rename dynatrace-operator/templates/Common/{KubernetesMonitoring => kubernetes-monitoring}/clusterrolebinding-kubernetes-monitoring.yaml (100%) rename dynatrace-operator/templates/Common/{KubernetesMonitoring => kubernetes-monitoring}/role-kubernetes-monitoring.yaml (100%) rename dynatrace-operator/templates/Common/{KubernetesMonitoring => kubernetes-monitoring}/rolebinding-kubernetes-monitoring.yaml (100%) rename dynatrace-operator/templates/Common/{KubernetesMonitoring => kubernetes-monitoring}/serviceaccount-kubernetes-monitoring.yaml (100%) rename dynatrace-operator/templates/Common/{ => operator}/clusterrole-operator.yaml (84%) rename dynatrace-operator/templates/Common/{ => operator}/clusterrolebinding-operator.yaml (100%) rename 
dynatrace-operator/templates/{Kubernetes => Common/operator}/role-operator.yaml (98%) rename dynatrace-operator/templates/Common/{ => operator}/rolebinding-operator.yaml (100%) delete mode 100644 dynatrace-operator/templates/Common/podsecuritypolicy-operator.yaml rename dynatrace-operator/templates/Common/{Routing => routing}/role-routing.yaml (100%) rename dynatrace-operator/templates/Common/{Routing => routing}/rolebinding-routing.yaml (100%) rename dynatrace-operator/templates/Common/{Routing => routing}/serviceaccount-routing.yaml (93%) rename dynatrace-operator/templates/Common/{ => webhook}/clusterrole-webhook.yaml (100%) rename dynatrace-operator/templates/Common/{ => webhook}/clusterrolebinding-webhook.yaml (100%) rename dynatrace-operator/templates/Common/{ => webhook}/deployment-webhook.yaml (100%) rename dynatrace-operator/templates/Common/{ => webhook}/mutatingwebhookconfiguration.yaml (100%) rename dynatrace-operator/templates/{Kubernetes => Common/webhook}/role-webhook.yaml (100%) rename dynatrace-operator/templates/Common/{ => webhook}/rolebinding-webhook.yaml (100%) rename dynatrace-operator/templates/Common/{ => webhook}/service.yaml (100%) rename dynatrace-operator/templates/Kubernetes/{ => kubernetes-monitoring}/podsecuritypolicy-kubernetes-monitoring.yaml (100%) rename dynatrace-operator/templates/Kubernetes/{ => oneagent}/podsecuritypolicy-oneagent-unprivileged.yaml (98%) rename dynatrace-operator/templates/Kubernetes/{ => oneagent}/podsecuritypolicy-oneagent.yaml (98%) rename dynatrace-operator/templates/Kubernetes/{ => oneagent}/role-oneagent-unprivileged.yaml (100%) rename dynatrace-operator/templates/Kubernetes/{ => oneagent}/role-oneagent.yaml (100%) rename dynatrace-operator/templates/Kubernetes/{ => oneagent}/rolebinding-oneagent-unprivileged.yaml (100%) rename dynatrace-operator/templates/Kubernetes/{ => oneagent}/rolebinding-oneagent.yaml (100%) rename dynatrace-operator/templates/{Common => 
Kubernetes/oneagent}/serviceaccount-oneagent-unprivileged.yaml (94%) rename dynatrace-operator/templates/{Common => Kubernetes/oneagent}/serviceaccount-oneagent.yaml (94%) rename dynatrace-operator/templates/{Common => Kubernetes/operator}/deployment-operator.yaml (98%) rename dynatrace-operator/templates/Kubernetes/{ => operator}/podsecuritypolicy-operator.yaml (100%) rename dynatrace-operator/templates/Kubernetes/{ => operator}/serviceaccount-operator.yaml (100%) rename dynatrace-operator/templates/Kubernetes/{ => routing}/podsecuritypolicy-routing.yaml (100%) rename dynatrace-operator/templates/Kubernetes/{ => webhook}/podsecuritypolicy-webhook.yaml (100%) rename dynatrace-operator/templates/Kubernetes/{ => webhook}/serviceaccount-webhook.yaml (100%) rename dynatrace-operator/templates/Openshift/{ => oneagent}/securitycontextconstraints-unprivileged.yaml (98%) rename dynatrace-operator/templates/Openshift/{ => oneagent}/securitycontextconstraints.yaml (98%) rename dynatrace-operator/templates/Openshift/{ => oneagent}/serviceaccount-oneagent-unprivileged.yaml (100%) rename dynatrace-operator/templates/Openshift/{ => oneagent}/serviceaccount-oneagent.yaml (100%) rename dynatrace-operator/templates/Openshift/{ => operator}/deployment-operator.yaml (100%) rename dynatrace-operator/templates/Openshift/{ => operator}/serviceaccount-operator.yaml (100%) delete mode 100644 dynatrace-operator/templates/Openshift/role-operator.yaml rename dynatrace-operator/templates/Openshift/{ => webhook}/role-webhook.yaml (100%) rename dynatrace-operator/templates/Openshift/{ => webhook}/serviceaccount-webhook.yaml (100%) delete mode 100644 dynatrace-operator/tests/Common/KubernetesMonitoring/clusterrole-kubernetes-monitoring_test.yaml create mode 100644 dynatrace-operator/tests/Common/Routing/role-routing_test.yaml create mode 100644 dynatrace-operator/tests/Common/Routing/rolebinding-routing_test.yaml create mode 100644 
dynatrace-operator/tests/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring_test.yaml rename dynatrace-operator/tests/Common/{KubernetesMonitoring => kubernetes-monitoring}/clusterrolebinding-kubernetes-monitoring_test.yaml (89%) rename dynatrace-operator/tests/Common/{KubernetesMonitoring => kubernetes-monitoring}/role-kubernetes-monitoring_test.yaml (89%) rename dynatrace-operator/tests/Common/{KubernetesMonitoring => kubernetes-monitoring}/rolebinding-kubernetes-monitoring_test.yaml (90%) rename dynatrace-operator/tests/Common/{KubernetesMonitoring => kubernetes-monitoring}/serviceaccount-kubernetes-monitoring_test.yaml (83%) rename dynatrace-operator/tests/Common/{ => operator}/clusterrole-operator_test.yaml (73%) rename dynatrace-operator/tests/Common/{ => operator}/clusterrolebinding-operator_test.yaml (91%) rename dynatrace-operator/tests/{Kubernetes => Common/operator}/role-operator_test.yaml (91%) rename dynatrace-operator/tests/Common/{ => operator}/rolebinding-operator_test.yaml (93%) delete mode 100644 dynatrace-operator/tests/Common/podsecuritypolicy-operator_test.yaml create mode 100644 dynatrace-operator/tests/Common/routing/role-routing_test.yaml create mode 100644 dynatrace-operator/tests/Common/routing/rolebinding-routing_test.yaml create mode 100644 dynatrace-operator/tests/Common/routing/serviceaccount-routing_test.yaml rename dynatrace-operator/tests/Common/{ => webhook}/clusterrole-webhook_test.yaml (96%) rename dynatrace-operator/tests/Common/{ => webhook}/clusterrolebinding-webhook_test.yaml (92%) rename dynatrace-operator/tests/Common/{ => webhook}/deployment-webhook_test.yaml (99%) rename dynatrace-operator/tests/Common/{ => webhook}/mutatingwebhookconfiguration_test.yaml (94%) rename dynatrace-operator/tests/{Kubernetes => Common/webhook}/role-webhook_test.yaml (98%) rename dynatrace-operator/tests/Common/{ => webhook}/rolebinding-webhook_test.yaml (93%) rename dynatrace-operator/tests/Common/{ => webhook}/service_test.yaml 
(96%) rename dynatrace-operator/tests/Kubernetes/{ => kubernetes-monitoring}/podsecuritypolicy-kubernetes-monitoring_test.yaml (95%) rename dynatrace-operator/tests/Kubernetes/{ => oneagent}/podsecuritypolicy-oneagent-unprivileged_test.yaml (95%) rename dynatrace-operator/tests/Kubernetes/{ => oneagent}/podsecuritypolicy-oneagent_test.yaml (94%) rename dynatrace-operator/tests/Kubernetes/{ => oneagent}/role-oneagent-unprivileged_test.yaml (92%) rename dynatrace-operator/tests/Kubernetes/{ => oneagent}/role-oneagent_test.yaml (94%) rename dynatrace-operator/tests/Kubernetes/{ => oneagent}/rolebinding-oneagent-unprivileged_test.yaml (93%) rename dynatrace-operator/tests/Kubernetes/{ => oneagent}/rolebinding-oneagent_test.yaml (94%) rename dynatrace-operator/tests/{Common => Kubernetes/oneagent}/serviceaccount-oneagent-unprivileged_test.yaml (84%) rename dynatrace-operator/tests/{Common => Kubernetes/oneagent}/serviceaccount-oneagent_test.yaml (86%) rename dynatrace-operator/tests/{Common => Kubernetes/operator}/deployment-operator_test.yaml (98%) rename dynatrace-operator/tests/Kubernetes/{ => operator}/podsecuritypolicy-operator_test.yaml (96%) rename dynatrace-operator/tests/Kubernetes/{ => operator}/serviceaccount-operator_test.yaml (87%) rename dynatrace-operator/tests/Kubernetes/{ => routing}/podsecuritypolicy-routing_test.yaml (96%) rename dynatrace-operator/tests/Kubernetes/{ => webhook}/podsecuritypolicy-webhook_test.yaml (96%) rename dynatrace-operator/tests/Kubernetes/{ => webhook}/serviceaccount-webhook_test.yaml (90%) rename dynatrace-operator/tests/Openshift/{ => oneagent}/securitycontextconstraints-unprivileged_test.yaml (96%) rename dynatrace-operator/tests/Openshift/{ => oneagent}/securitycontextconstraints_test.yaml (96%) rename dynatrace-operator/tests/Openshift/{ => oneagent}/serviceaccount-oneagent-unprivileged_test.yaml (90%) rename dynatrace-operator/tests/Openshift/{ => oneagent}/serviceaccount-oneagent_test.yaml (92%) rename 
dynatrace-operator/tests/Openshift/{ => operator}/deployment-operator_test.yaml (98%) rename dynatrace-operator/tests/Openshift/{ => operator}/serviceaccount-operator_test.yaml (92%) delete mode 100644 dynatrace-operator/tests/Openshift/role-operator_test.yaml rename dynatrace-operator/tests/Openshift/{ => webhook}/role-webhook_test.yaml (90%) rename dynatrace-operator/tests/Openshift/{ => webhook}/serviceaccount-webhook_test.yaml (92%) diff --git a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/Chart.yaml b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/Chart.yaml index 1dc4ed58..ecede458 100644 --- a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/Chart.yaml +++ b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/Chart.yaml @@ -18,8 +18,8 @@ description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png home: https://www.dynatrace.com/ type: application -version: 0.1.0 -appVersion: 0.1.0 +version: 0.2.1 +appVersion: 0.2.1 maintainers: - name: DTMad email: marco.mader@dynatrace.com diff --git a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/Common/deployment-operator.yaml b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/Common/deployment-operator.yaml index 56d9c8b3..cda7f371 100644 --- a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/Common/deployment-operator.yaml +++ b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/Common/deployment-operator.yaml @@ -66,14 +66,14 @@ spec: path: /healthz port: server-port scheme: HTTP - initialDelaySeconds: 60 + initialDelaySeconds: 15 periodSeconds: 10 livenessProbe: httpGet: path: /healthz port: server-port scheme: HTTP - initialDelaySeconds: 60 + initialDelaySeconds: 15 periodSeconds: 10 affinity: nodeAffinity: 
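Review bot: Both probes in the deployment-operator.yaml hunk drop `initialDelaySeconds` from 60 to 15, a runtime change that the commit description (a manifest reorder) does not mention. With `periodSeconds: 10` on the liveness probe, an operator that is slow to answer `/healthz` on a loaded node would be restarted earlier than before; the failure threshold lies outside the hunk, so how much slack remains cannot be seen here. Either record the reason next to the value, e.g. `# 15s: <measured operator start-up time>`, or move the start-up allowance into a `startupProbe` so the liveness probe only covers steady state. The probe blocks begin above the hunk, so reading the first one as the readiness probe is an inference.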
diff --git a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/application.yaml b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/application.yaml index 72bc2443..dd5d519d 100644 --- a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/application.yaml +++ b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/application.yaml @@ -25,7 +25,7 @@ metadata: spec: descriptor: type: "Dynatrace Operator" - version: "0.1.0" + version: "0.2.1" maintainers: - name: Dynatrace LLC url: https://www.dynatrace.com/ diff --git a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/configmap.yaml b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/configmap.yaml index 26202294..88915593 100644 --- a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/configmap.yaml +++ b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/templates/configmap.yaml @@ -155,7 +155,7 @@ data: volumes: - "*" hostNetwork: true - hostIPC: true + hostIPC: false hostPID: true hostPorts: - min: 0 @@ -206,7 +206,7 @@ data: volumes: - "*" hostNetwork: true - hostIPC: true + hostIPC: false hostPID: true hostPorts: - min: 0 
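Review bot: The policy block at -155 still carries `volumes: - "*"`, `hostNetwork: true`, `hostPID: true` and a host-port range starting at 0, so switching `hostIPC` to `false` removes only one of several host-level grants; the block at -206 has the same shape. A wildcard volume list admits hostPath volumes, which gives any pod accepted under this policy access to the node filesystem unless allowed paths are restricted in a part of the resource not shown here. If the workload needs only certain volume types, list them in place of `"*"`; if the wildcard has to stay, a comment such as `# "*" required because <reason>` above it would make the exception reviewable. The resource's kind and name sit outside both hunks, so treating it as a pod security policy embedded in the ConfigMap is an inference. The `hostIPC` change is itself security-relevant and deserves its own line in the commit description.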
@@ -306,26 +306,28 @@ data: annotations: controller-gen.kubebuilder.io/version: v0.3.0 ownerReferences: - - apiVersion: v1beta1 - blockOwnerDeletion: true - kind: Application - name: {{ .Release.Name }} - uid: ##UID## + - apiVersion: v1beta1 + blockOwnerDeletion: true + kind: Application + name: {{ .Release.Name }} + uid: ##UID## creationTimestamp: null name: dynakubes.dynatrace.com spec: additionalPrinterColumns: - - JSONPath: .spec.apiUrl - name: ApiUrl - type: string - - JSONPath: .status.tokens - name: Tokens - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date + - JSONPath: .spec.apiUrl + name: ApiUrl + type: string + - JSONPath: .status.tokens + name: Tokens + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date group: dynatrace.com names: + categories: + - dynatrace kind: DynaKube listKind: DynaKubeList plural: dynakubes @@ -423,7 +425,7 @@ data: key must be defined type: boolean required: - - key + - key type: object fieldRef: description: 'Selects a field of the pod: supports metadata.name, @@ -440,7 +442,7 @@ data: API version. type: string required: - - fieldPath + - fieldPath type: object resourceFieldRef: description: 'Selects a resource of the container: only @@ -459,7 +461,7 @@ data: description: 'Required: resource to select' type: string required: - - resource + - resource type: object secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -478,11 +480,11 @@ data: must be defined type: boolean required: - - key + - key type: object type: object required: - - name + - name type: object type: array labels: 
@@ -599,6 +601,1410 @@ data: to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object + volume: + description: 'Optional: use OneAgent binaries from volume' + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. 
+ properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions + on this file. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' 
+ format: int32 + type: integer + path: + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to + the associated CSI driver which will determine the default + filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the + volume. Defaults to false (read/write). 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. 
This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for + this EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. 
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: object + ephemeral: + description: "Ephemeral represents a volume that is handled\ + \ by a cluster storage driver (Alpha feature). The volume's\ + \ lifecycle is tied to the pod that defines it - it will be\ + \ created before the pod starts, and deleted when the pod\ + \ is removed. \n Use this if: a) the volume is only needed\ + \ while the pod runs, b) features of normal volumes like restoring\ + \ from snapshot or capacity tracking are needed, c) the\ + \ storage driver is specified through a storage class, and\ + \ d) the storage driver supports dynamic volume provisioning\ + \ through a PersistentVolumeClaim (see EphemeralVolumeSource\ + \ for more information on the connection between this volume\ + \ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim\ + \ or one of the vendor-specific APIs for volumes that persist\ + \ for longer than the lifecycle of an individual pod. \n Use\ + \ CSI for light-weight local ephemeral volumes if the CSI\ + \ driver is meant to be used that way - see the documentation\ + \ of the driver for more information. \n A pod can use both\ + \ types of ephemeral volumes and persistent volumes at the\ + \ same time." + properties: + readOnly: + description: Specifies a read-only configuration for the + volume. Defaults to false (read/write). + type: boolean + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to\ + \ provision the volume. The pod in which this EphemeralVolumeSource\ + \ is embedded will be the owner of the PVC, i.e. the PVC\ + \ will be deleted together with the pod. The name of\ + \ the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array\ + \ entry. 
Pod validation will reject the pod if the concatenated\ + \ name is not valid for a PVC (for example, too long).\ + \ \n An existing PVC with that name that is not owned\ + \ by the pod will *not* be used for the pod to avoid using\ + \ an unrelated volume by mistake. Starting the pod is\ + \ then blocked until the unrelated PVC is removed. If\ + \ such a pre-created PVC is meant to be used by the pod,\ + \ the PVC has to updated with an owner reference to the\ + \ pod once the pod exists. Normally this should not be\ + \ necessary, but it may be useful when manually reconstructing\ + \ a broken cluster. \n This field is read-only and no\ + \ changes will be made by Kubernetes to the PVC after\ + \ it has been created. \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'AccessModes contains the desired access + modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot + - Beta) * An existing PVC (PersistentVolumeClaim) + * An existing custom resource/object that implements + data population (Alpha) In order to use VolumeSnapshot + object types, the appropriate feature gate must + be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) + If the provisioner or an external controller can + support the specified data source, it will create + a new volume based on the contents of the specified + data source. If the specified data source is not + supported, the volume will not be created and + the failure will be reported as an event. In the + future, we plan to support more data source types + and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: {} + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: {} + description: 'Requests describes the minimum + amount of compute resources required. 
If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. 
Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for + this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). 
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the + plugin scripts. This may be empty if no secret object + is specified. If the secret object contains more than + one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. 
Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or + start with '..'. If '.' is supplied, the volume directory + will be the git repository. Otherwise, if specified, + the volume will contain the git repository in the subdirectory + with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to + be mounted with read-only permissions. 
Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created + files by default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal values + for mode bits. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data + to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to + set permissions on this file. Must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. 
If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults + to "1" + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose + name is the key and content is the value. If + specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to + set permissions on this file. Must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the + mount point of the file to project the token + into. 
+ type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no + group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the + ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits + set.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the + Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions + on this file. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must + be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + type: object type: object customPullSecret: description: 'Optional: Pull secret for your private registry' @@ -661,7 +2067,7 @@ data: key must be defined type: boolean required: - - key + - key type: object fieldRef: description: 'Selects a field of the pod: supports metadata.name, @@ -678,7 +2084,7 @@ data: API version. type: string required: - - fieldPath + - fieldPath type: object resourceFieldRef: description: 'Selects a resource of the container: only @@ -697,7 +2103,7 @@ data: description: 'Required: resource to select' type: string required: - - resource + - resource type: object secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -716,11 +2122,11 @@ data: must be defined type: boolean required: - - key + - key type: object type: object required: - - name + - name type: object type: array labels: @@ -815,7 +2221,7 @@ data: type: integer type: object kubernetesMonitoring: - description: Enables Kubernetes Monitoring + description: 'Configuration for Kubernetes Monitoring' properties: args: description: 'Optional: Adds additional arguments for the ActiveGate @@ -876,7 +2282,7 @@ data: key must be defined type: boolean required: - - key + - key type: object fieldRef: description: 'Selects a field of the pod: supports metadata.name, @@ -893,7 +2299,7 @@ data: API version. type: string required: - - fieldPath + - fieldPath type: object resourceFieldRef: description: 'Selects a resource of the container: only @@ -912,7 +2318,7 @@ data: description: 'Required: resource to select' type: string required: - - resource + - resource type: object secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -931,11 +2337,11 @@ data: must be defined type: boolean required: - - key + - key type: object type: object required: - - name + - name type: object type: array group: 
@@ -1050,7 +2456,7 @@ data: type: string type: object routing: - description: Enables Routing + description: 'Configuration for Routing' properties: args: description: 'Optional: Adds additional arguments for the ActiveGate @@ -1111,7 +2517,7 @@ data: key must be defined type: boolean required: - - key + - key type: object fieldRef: description: 'Selects a field of the pod: supports metadata.name, @@ -1128,7 +2534,7 @@ data: API version. type: string required: - - fieldPath + - fieldPath type: object resourceFieldRef: description: 'Selects a resource of the container: only @@ -1147,7 +2553,7 @@ data: description: 'Required: resource to select' type: string required: - - resource + - resource type: object secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -1166,11 +2572,11 @@ data: must be defined type: boolean required: - - key + - key type: object type: object required: - - name + - name type: object type: array group: @@ -1267,7 +2673,7 @@ data: The property is not applied to the ActiveGate' type: string required: - - apiUrl + - apiUrl type: object status: description: DynaKubeStatus defines the observed state of DynaKube @@ -1281,6 +2687,11 @@ data: description: ImageVersion contains the version from the last image seen. type: string + lastImageProbeTimestamp: + description: LastImageProbeTimestamp defines the last timestamp + when the querying for image updates have been done. + format: date-time + type: string type: object conditions: description: Conditions includes status about the current state of the @@ -1331,9 +2742,9 @@ data: status: description: status of the condition, one of True, False, Unknown. enum: - - 'True' - - 'False' - - Unknown + - 'True' + - 'False' + - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. 
@@ -1344,11 +2755,11 @@ data: maxLength: 316 type: string required: - - lastTransitionTime - - message - - reason - - status - - type + - lastTransitionTime + - message + - reason + - status + - type type: object type: array environmentID: @@ -1372,6 +2783,13 @@ data: type: string oneAgent: properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + imageVersion: + description: ImageVersion contains the version from the last image + seen. + type: string instances: additionalProperties: properties: @@ -1383,6 +2801,11 @@ data: type: string type: object type: object + lastImageProbeTimestamp: + description: LastImageProbeTimestamp defines the last timestamp + when the querying for image updates have been done. + format: date-time + type: string lastUpdateProbeTimestamp: description: LastUpdateProbeTimestamp defines the last timestamp when the querying for updates have been done @@ -1410,9 +2833,9 @@ data: type: object version: v1alpha1 versions: - - name: v1alpha1 - served: true - storage: true + - name: v1alpha1 + served: true + storage: true dynakube.yaml: | apiVersion: dynatrace.com/v1alpha1 diff --git a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/values.yaml b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/values.yaml index 38344d8f..d9048f45 100644 --- a/dynatrace-operator-google-marketplace/chart/dynatrace-operator/values.yaml +++ b/dynatrace-operator-google-marketplace/chart/dynatrace-operator/values.yaml @@ -50,7 +50,13 @@ classicFullStack: nodeSelector: { } tolerations: [ ] waitReadySeconds: 300 - resources: { } + # resources: + # requests: + # cpu: 100m + # memory: 512Mi + # limits: + # cpu: 300m + # memory: 1.5Gi args: [] env: [] priorityClassName: "" 
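Review bot: The commented-out `resources` block that replaces `resources: { }` under `classicFullStack` has no line saying what it is, so a reader cannot tell whether 100m/512Mi and 300m/1.5Gi are recommended sizes or only a syntax sample; the `kubernetesMonitoring` and `routing` hunks that follow have the same gap. With the key now absent rather than empty, the chart still ships these workloads without requests or limits, so their CPU and memory use on a node stays unbounded unless whoever installs the chart sets them. I would add a lead-in comment such as `# Uncomment to set requests/limits; the values below are examples, size them for your cluster`. The templates that read `.Values.classicFullStack.resources` are not visible here, so it is worth confirming they tolerate the key being unset.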
@@ -67,7 +73,13 @@ kubernetesMonitoring: customProperties: value: "" valueFrom: "" - resources: { } + # resources: + # requests: + # cpu: 100m + # memory: 512Mi + # limits: + # cpu: 300m + # memory: 1.5Gi nodeSelector: {} tolerations: [] labels: {} @@ -82,7 +94,13 @@ routing: customProperties: value: "" valueFrom: "" - resources: { } + # resources: + # requests: + # cpu: 100m + # memory: 512Mi + # limits: + # cpu: 300m + # memory: 1.5Gi nodeSelector: { } tolerations: [ ] labels: { } diff --git a/dynatrace-operator-google-marketplace/schema.yaml b/dynatrace-operator-google-marketplace/schema.yaml index 7cc6f35d..7fb9d9a2 100644 --- a/dynatrace-operator-google-marketplace/schema.yaml +++ b/dynatrace-operator-google-marketplace/schema.yaml @@ -15,13 +15,17 @@ x-google-marketplace: schemaVersion: v2 applicationApiVersion: v1beta1 - publishedVersion: "0.1.0" + publishedVersion: "0.2.1" publishedVersionMetadata: releaseNote: >- - v0.1.0 + v0.2.1 Features - * Initial release of the Dynatrace Operator + * classicFullStack - The Dynatrace Operator now supports rolling out a fullstack agent + * routing - The Dynatrace Operator now supports rolling out a containerized ActiveGate to route the agent traffic + + Bug fixes + * Fixed a bug where setting resource limits for routing did not work releaseTypes: - Feature recommended: true @@ -407,7 +411,7 @@ properties: rulesType: CUSTOM rules: - apiGroups: - - "" # "" indicates the core API group + - "" resources: - namespaces resourceNames: diff --git a/dynatrace-operator/Chart.yaml b/dynatrace-operator/Chart.yaml index 5be3ad5c..7daac110 100644 --- a/dynatrace-operator/Chart.yaml +++ b/dynatrace-operator/Chart.yaml 
@@ -18,8 +18,8 @@ description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png home: https://www.dynatrace.com/ type: application -version: 0.1.0 -appVersion: 0.1.0 +version: 0.2.1 +appVersion: 0.2.1 maintainers: - name: DTMad email: marco.mader@dynatrace.com diff --git a/dynatrace-operator/README.md b/dynatrace-operator/README.md index 2c3bed62..16a3cf8b 100644 --- a/dynatrace-operator/README.md +++ b/dynatrace-operator/README.md @@ -8,6 +8,10 @@ The Dynatrace Operator supports rollout and lifecycle of various Dynatrace compo As of launch, the Dynatrace Operator can be used to deploy a containerized ActiveGate for Kubernetes API monitoring. New capabilities will be added to the Dynatrace Operator over time including metric routing, and API monitoring for AWS, Azure, GCP, and vSphere. +With v0.2.0 we added the classicFullStack functionality which allows rolling out the OneAgent to your Kubernetes +cluster. Furthermore, the Dynatrace Operator is now capable of rolling out a containerized ActiveGate for routing the +OneAgent traffic. + This Helm Chart requires Helm 3. ### Platforms @@ -15,6 +19,7 @@ Depending on the version of the Dynatrace Operator, it supports the following pl | Dynatrace Operator Helm Chart version | Kubernetes | OpenShift Container Platform | | ------------------------------------- | ---------- | ---------------------------- | +| v0.2.1 | 1.18+ | 3.11.188+, 4.5+ | | v0.1.0 | 1.18+ | 3.11.188+, 4.4+ | diff --git a/dynatrace-operator/questions.yml b/dynatrace-operator/questions.yml index 7439bd3b..734be6aa 100644 --- a/dynatrace-operator/questions.yml +++ b/dynatrace-operator/questions.yml 
@@ -89,12 +89,93 @@ questions: type: string group: "Global Configuration" + #################### ClassicFullStack (OPTIONAL) #################### + + - variable: classicFullStack.enabled + label: "Enable classic fullstack monitoring" + description: "Enables classic fullstack monitoring and rolls out the OneAgent" + default: true + type: boolean + group: "Classic FullStack" + show_subquestion_if: true + subquestions: + - variable: classicFullStack.nodeSelector + label: "Node selector to control the selection of nodes" + description: "Defines a NodeSelector to customize to which nodes the OneAgent will be rolled out - Please edit as Yaml for the best experience" + type: string + - variable: classicFullStack.tolerations + label: "Custom tolerations for the OneAgent" + description: "Defines custom tolerations to the OneAgent - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" + default: "" + type: string + - variable: classicFullStack.waitReadySeconds + label: "Wait seconds until ready" + description: "Define the time to wait until OneAgent pod is ready after update - defaults to 300s" + default: 300 + type: int + - variable: classicFullStack.args + label: "Arguments to OneAgent installer" + description: "Defines additional arguments which get passed to the OneAgent installer - Please edit as Yaml for the best experience. 
The expected format is YAML and not a string" + default: "" + type: string + - variable: classicFullStack.env + label: "Environment variables for OneAgent" + description: "Defines additional environment variables which get passed to the OneAgent - Please edit as Yaml for the best experience" + type: string + - variable: classicFullStack.priorityClassName + label: "Assign priority class to OneAgent pods" + description: "Priority class to assign to OneAgent pods, more at https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/" + default: "" + type: string + - variable: classicFullStack.dnsPolicy + label: "Set custom DNS Policy" + description: "DNS Policy for OneAgent pods. Empty for default (ClusterFirst), more at https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy" + default: "" + type: string + - variable: classicFullStack.labels + label: "Custom labels for the OneAgent pods" + description: "Defines labels for OneAgent pods to structure workloads as desired - Please edit as Yaml for the best experience" + type: string + - variable: classicFullStack.useUnprivilegedMode + label: "Run unprivileged" + description: "Support full-stack OneAgent running on unprivileged mode" + default: true + type: boolean + - variable: classicFullStack.useImmutableImage + label: "Use immutable OneAgent image" + description: "If set the immutable OneAgent image will be used" + default: false + type: boolean + - variable: classicFullStack_use_custom_limits_settings + label: "Use custom limits settings" + description: "Use custom resource limits for the Dynatrace OneAgent" + default: false + type: boolean + show_subquestion_if: true + subquestions: + - variable: classicFullStack.resources.requests.cpu + label: "CPU resource request" + description: "Defines the minimum requested CPU by the OneAgent" + type: string + - variable: classicFullStack.resources.requests.memory + label: "Memory resource request" + description: "Defines the 
minimum requested memory by the OneAgent" + type: string + - variable: classicFullStack.resources.limits.cpu + label: "CPU resource limits" + description: "Defines the maximum provided CPU for the OneAgent" + type: string + - variable: classicFullStack.resources.limits.memory + label: "Memory resource limits" + description: "Defines the maximum provided memory for the OneAgent" + type: string + #################### Kubernetes Monitoring (OPTIONAL) #################### - variable: kubernetesMonitoring.enabled label: "Enable Kubernetes monitoring" description: "Enables Kubernetes monitoring for your cluster" - default: false + default: true type: boolean group: "Kubernetes Monitoring" show_subquestion_if: true @@ -119,11 +200,6 @@ questions: description: "Defines a NodeSelector to customize to which nodes the ActiveGate will be rolled out on - Please edit as Yaml for the best experience" default: "" type: multiline - - variable: kubernetesMonitoring.resources - label: "Resource definition for the ActiveGate pods" - description: "Defines the resources the ActiveGate pods can use - Please edit as Yaml for the best experience" - default: "" - type: multiline - variable: kubernetesMonitoring.labels label: "Custom labels for the ActiveGate pods" description: "Defines labels for ActiveGate pods to structure workloads as desired - Please edit as Yaml for the best experience" 
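Review bot: `classicFullStack.enabled` is introduced with `default: true` and `kubernetesMonitoring.enabled` flips from `default: false` to `default: true`, so accepting the form defaults now rolls out the OneAgent to cluster nodes and an ActiveGate without the installer having chosen either; `routing.enabled` in the later hunk of this file does the same. For an agent that is deployed onto nodes, opt-in is the safer default, e.g. `default: false` on `classicFullStack.enabled`, or at least say in the `description` that leaving the box ticked triggers the rollout. Separately, `classicFullStack.nodeSelector`, `tolerations`, `args`, `env` and `labels` are `type: string` although their descriptions ask for YAML, whereas the ActiveGate questions in this file use `type: multiline`; using `type: multiline` here would be consistent.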
@@ -164,3 +240,121 @@ questions: default: "" type: string show_if: "showKubernetesMonitoringCustomPropertiesSource=ValueFrom" + - variable: kubernetesMonitoring_use_custom_limits_settings + label: "Use custom limits settings" + description: "Use custom resource limits for the Kubernetes Monitoring ActiveGate" + default: false + type: boolean + show_subquestion_if: true + subquestions: + - variable: kubernetesMonitoring.resources.requests.cpu + label: "CPU resource request" + description: "Defines the minimum requested CPU by the ActiveGate" + type: string + - variable: kubernetesMonitoring.resources.requests.memory + label: "Memory resource request" + description: "Defines the minimum requested memory by the ActiveGate" + type: string + - variable: kubernetesMonitoring.resources.limits.cpu + label: "CPU resource limits" + description: "Defines the maximum provided CPU for the ActiveGate" + type: string + - variable: kubernetesMonitoring.resources.limits.memory + label: "Memory resource limits" + description: "Defines the maximum provided memory for the ActiveGate" + type: string + + + #################### Routing (OPTIONAL) #################### + + - variable: routing.enabled + label: "Enable message routing" + description: "Enables routing for the OneAgent pods" + default: true + type: boolean + group: "Routing" + show_subquestion_if: true + subquestions: + - variable: routing.replicas + label: "Amount of replicas of ActiveGate pods" + description: "Sets the amount of replicas of ActiveGate pods are made" + default: 1 + type: int + - variable: routing.serviceAccountName + label: "Name of the service-account for ActiveGate-pods" + description: "Optional: The name of the ServiceAccount to assign to the ActiveGate Pods." 
+ default: "dynatrace-routing" + type: string + - variable: routing.tolerations + label: "Custom tolerations for the ActiveGate pods" + description: "Defines custom tolerations for the ActiveGate pods - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" + default: "" + type: multiline + - variable: routing.nodeSelector + label: "Node selector to control the selection of nodes" + description: "Defines a NodeSelector to customize to which nodes the ActiveGate will be rolled out on - Please edit as Yaml for the best experience" + default: "" + type: multiline + - variable: routing.labels + label: "Custom labels for the ActiveGate pods" + description: "Defines labels for ActiveGate pods to structure workloads as desired - Please edit as Yaml for the best experience" + default: "" + type: multiline + - variable: routing.args + label: "Arguments for the ActiveGate installer" + description: "Defines additional arguments which get passed to the ActiveGate installer - Please edit as Yaml for the best experience. The expected format is YAML and not a string" + default: "" + type: multiline + - variable: routing.env + label: "Environment variables for the ActiveGate" + description: "Defines additional environment variables which get passed to the ActiveGate - Please edit as Yaml for the best experience" + default: "" + type: multiline + - variable: routing.group + label: "Activation group" + description: "Optional: Set activation group for ActiveGate" + default: "" + type: string + - variable: showRoutingCustomPropertiesSource + label: "Select custom properties source" + description: "Select from where your custom properties are coming from. Value if you want to enter it directly. ValueFrom if you want to reference a secret." 
+ default: "Value" + type: enum + options: + - "Value" + - "ValueFrom" + - variable: routing.customProperties.value + label: "Custom properties for the ActiveGate as value" + description: "Optional: Add custom properties - Please edit as Yaml for the best experience - more at https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate/configuration/configure-activegate/" + default: "" + type: multiline + show_if: "showRoutingCustomPropertiesSource=Value" + - variable: routing.customProperties.valueFrom + label: "Custom properties for the ActiveGate as reference" + description: "Optional: Set the name of the secret that stores your custom properties" + default: "" + type: string + show_if: "showRoutingCustomPropertiesSource=ValueFrom" + - variable: routing_use_custom_limits_settings + label: "Use custom limits settings" + description: "Use custom resource limits for the routing ActiveGate" + default: false + type: boolean + show_subquestion_if: true + subquestions: + - variable: routing.resources.requests.cpu + label: "CPU resource request" + description: "Defines the minimum requested CPU by the ActiveGate" + type: string + - variable: routing.resources.requests.memory + label: "Memory resource request" + description: "Defines the minimum requested memory by the ActiveGate" + type: string + - variable: routing.resources.limits.cpu + label: "CPU resource limits" + description: "Defines the maximum provided CPU for the ActiveGate" + type: string + - variable: routing.resources.limits.memory + label: "Memory resource limits" + description: "Defines the maximum provided memory for the ActiveGate" + type: string 
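Review bot: `showRoutingCustomPropertiesSource` defaults to `"Value"`, which steers users towards pasting ActiveGate custom properties straight into the form rather than referencing a secret. Whether those properties can carry credentials is not visible from this hunk, but if they can, the inline value would presumably end up readable in the chart values and in the resulting custom resource. I would set `default: "ValueFrom"`, or extend the description of `routing.customProperties.value` with `Do not put credentials here; use ValueFrom and a secret instead`.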
diff --git a/dynatrace-operator/templates/Common/KubernetesMonitoring/clusterrole-kubernetes-monitoring.yaml b/dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml
similarity index 100%
rename from dynatrace-operator/templates/Common/KubernetesMonitoring/clusterrole-kubernetes-monitoring.yaml
rename to dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml
diff --git a/dynatrace-operator/templates/Common/KubernetesMonitoring/clusterrolebinding-kubernetes-monitoring.yaml b/dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml
similarity index 100%
rename from dynatrace-operator/templates/Common/KubernetesMonitoring/clusterrolebinding-kubernetes-monitoring.yaml
rename to dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml
diff --git a/dynatrace-operator/templates/Common/KubernetesMonitoring/role-kubernetes-monitoring.yaml b/dynatrace-operator/templates/Common/kubernetes-monitoring/role-kubernetes-monitoring.yaml
similarity index 100%
rename from dynatrace-operator/templates/Common/KubernetesMonitoring/role-kubernetes-monitoring.yaml
rename to dynatrace-operator/templates/Common/kubernetes-monitoring/role-kubernetes-monitoring.yaml
diff --git a/dynatrace-operator/templates/Common/KubernetesMonitoring/rolebinding-kubernetes-monitoring.yaml b/dynatrace-operator/templates/Common/kubernetes-monitoring/rolebinding-kubernetes-monitoring.yaml
similarity index 100%
rename from dynatrace-operator/templates/Common/KubernetesMonitoring/rolebinding-kubernetes-monitoring.yaml
rename to dynatrace-operator/templates/Common/kubernetes-monitoring/rolebinding-kubernetes-monitoring.yaml
diff --git a/dynatrace-operator/templates/Common/KubernetesMonitoring/serviceaccount-kubernetes-monitoring.yaml b/dynatrace-operator/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml similarity index 100% rename from dynatrace-operator/templates/Common/KubernetesMonitoring/serviceaccount-kubernetes-monitoring.yaml rename to dynatrace-operator/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml diff --git a/dynatrace-operator/templates/Common/clusterrole-operator.yaml b/dynatrace-operator/templates/Common/operator/clusterrole-operator.yaml similarity index 84% rename from dynatrace-operator/templates/Common/clusterrole-operator.yaml rename to dynatrace-operator/templates/Common/operator/clusterrole-operator.yaml index 914e72b2..6f17f2c6 100644 --- a/dynatrace-operator/templates/Common/clusterrole-operator.yaml +++ b/dynatrace-operator/templates/Common/operator/clusterrole-operator.yaml @@ -20,16 +20,6 @@ metadata: labels: {{- include "dynatrace-operator.labels" . | nindent 4 }} rules: - - apiGroups: - - "" # "" indicates the core API group - resources: - - namespaces - resourceNames: - - "kube-system" - verbs: - - get - - list - - watch - apiGroups: - "" resources: @@ -51,7 +41,6 @@ rules: - secrets resourceNames: - dynatrace-dynakube-config - - dynatrace-dynakube-pull-secret verbs: - get - update diff --git a/dynatrace-operator/templates/Common/clusterrolebinding-operator.yaml b/dynatrace-operator/templates/Common/operator/clusterrolebinding-operator.yaml similarity index 100% rename from dynatrace-operator/templates/Common/clusterrolebinding-operator.yaml rename to dynatrace-operator/templates/Common/operator/clusterrolebinding-operator.yaml 
diff --git a/dynatrace-operator/templates/Kubernetes/role-operator.yaml b/dynatrace-operator/templates/Common/operator/role-operator.yaml similarity index 98% rename from dynatrace-operator/templates/Kubernetes/role-operator.yaml rename to dynatrace-operator/templates/Common/operator/role-operator.yaml index 5b52aade..1b20425d 100644 --- a/dynatrace-operator/templates/Kubernetes/role-operator.yaml +++ b/dynatrace-operator/templates/Common/operator/role-operator.yaml @@ -13,7 +13,6 @@ # limitations under the License. {{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -159,4 +158,3 @@ rules: - dynatrace-operator verbs: - use - {{ end }} diff --git a/dynatrace-operator/templates/Common/rolebinding-operator.yaml b/dynatrace-operator/templates/Common/operator/rolebinding-operator.yaml similarity index 100% rename from dynatrace-operator/templates/Common/rolebinding-operator.yaml rename to dynatrace-operator/templates/Common/operator/rolebinding-operator.yaml diff --git a/dynatrace-operator/templates/Common/podsecuritypolicy-operator.yaml b/dynatrace-operator/templates/Common/podsecuritypolicy-operator.yaml deleted file mode 100644 index 8f239254..00000000 --- a/dynatrace-operator/templates/Common/podsecuritypolicy-operator.yaml +++ /dev/null 
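Review bot: Dropping the `{{- if eq .Values.platform "kubernetes" }}` guard means this Role is now rendered for OpenShift installs too, and its last rule still grants `use` on a resource named `dynatrace-operator`. The rule's `resources` line is above the hunk, but if it names `podsecuritypolicies`, it now points at a policy this chart no longer creates, since `Common/podsecuritypolicy-operator.yaml` is deleted in the same commit (and that policy was named `{{ .Release.Name }}`, not necessarily `dynatrace-operator`). On clusters that enforce pod security policies, the operator pod would then be admitted under whatever other policy its service account can use, or be rejected. Either remove the stale rule or keep a restrictive policy for the operator and reference it by the same name.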
@@ -1,48 +0,0 @@ -# Copyright 2020 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-operator.platformSet" .))}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ .Release.Name }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default" - apparmor.security.beta.kubernetes.io/allowedProfileNames: "runtime/default" - seccomp.security.alpha.kubernetes.io/defaultProfileName: "docker/default" - apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" -spec: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - volumes: - - "configMap" - - "emptyDir" - - "projected" - - "secret" - - "downwardAPI" - - "persistentVolumeClaim" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: "MustRunAsNonRoot" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" diff --git a/dynatrace-operator/templates/Common/Routing/role-routing.yaml b/dynatrace-operator/templates/Common/routing/role-routing.yaml similarity index 100% rename from dynatrace-operator/templates/Common/Routing/role-routing.yaml rename to dynatrace-operator/templates/Common/routing/role-routing.yaml 
diff --git a/dynatrace-operator/templates/Common/Routing/rolebinding-routing.yaml b/dynatrace-operator/templates/Common/routing/rolebinding-routing.yaml similarity index 100% rename from dynatrace-operator/templates/Common/Routing/rolebinding-routing.yaml rename to dynatrace-operator/templates/Common/routing/rolebinding-routing.yaml diff --git a/dynatrace-operator/templates/Common/Routing/serviceaccount-routing.yaml b/dynatrace-operator/templates/Common/routing/serviceaccount-routing.yaml similarity index 93% rename from dynatrace-operator/templates/Common/Routing/serviceaccount-routing.yaml rename to dynatrace-operator/templates/Common/routing/serviceaccount-routing.yaml index 67b4be76..2ccfc8ef 100644 --- a/dynatrace-operator/templates/Common/Routing/serviceaccount-routing.yaml +++ b/dynatrace-operator/templates/Common/routing/serviceaccount-routing.yaml @@ -19,4 +19,4 @@ metadata: name: dynatrace-routing namespace: {{ .Release.Namespace }} labels: - {{- include "dynatrace-operator.labels" . | nindent 4 }} + {{- include "dynatrace-operator.labels" . | nindent 4 }} diff --git a/dynatrace-operator/templates/Common/secret.yaml b/dynatrace-operator/templates/Common/secret.yaml index b1bce934..8eff30cf 100644 --- a/dynatrace-operator/templates/Common/secret.yaml +++ b/dynatrace-operator/templates/Common/secret.yaml @@ -19,6 +19,8 @@ kind: Secret metadata: name: {{ .Values.name }} namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.labels" . | nindent 4 }} data: apiToken: {{ .Values.apiToken | b64enc }} paasToken: {{ .Values.paasToken | b64enc }} diff --git a/dynatrace-operator/templates/Common/clusterrole-webhook.yaml b/dynatrace-operator/templates/Common/webhook/clusterrole-webhook.yaml similarity index 100% rename from dynatrace-operator/templates/Common/clusterrole-webhook.yaml rename to dynatrace-operator/templates/Common/webhook/clusterrole-webhook.yaml 
diff --git a/dynatrace-operator/templates/Common/clusterrolebinding-webhook.yaml b/dynatrace-operator/templates/Common/webhook/clusterrolebinding-webhook.yaml
similarity index 100%
rename from dynatrace-operator/templates/Common/clusterrolebinding-webhook.yaml
rename to dynatrace-operator/templates/Common/webhook/clusterrolebinding-webhook.yaml
diff --git a/dynatrace-operator/templates/Common/deployment-webhook.yaml b/dynatrace-operator/templates/Common/webhook/deployment-webhook.yaml
similarity index 100%
rename from dynatrace-operator/templates/Common/deployment-webhook.yaml
rename to dynatrace-operator/templates/Common/webhook/deployment-webhook.yaml
diff --git a/dynatrace-operator/templates/Common/mutatingwebhookconfiguration.yaml b/dynatrace-operator/templates/Common/webhook/mutatingwebhookconfiguration.yaml
similarity index 100%
rename from dynatrace-operator/templates/Common/mutatingwebhookconfiguration.yaml
rename to dynatrace-operator/templates/Common/webhook/mutatingwebhookconfiguration.yaml
diff --git a/dynatrace-operator/templates/Kubernetes/role-webhook.yaml b/dynatrace-operator/templates/Common/webhook/role-webhook.yaml
similarity index 100%
rename from dynatrace-operator/templates/Kubernetes/role-webhook.yaml
rename to dynatrace-operator/templates/Common/webhook/role-webhook.yaml
diff --git a/dynatrace-operator/templates/Common/rolebinding-webhook.yaml b/dynatrace-operator/templates/Common/webhook/rolebinding-webhook.yaml
similarity index 100%
rename from dynatrace-operator/templates/Common/rolebinding-webhook.yaml
rename to dynatrace-operator/templates/Common/webhook/rolebinding-webhook.yaml
diff --git a/dynatrace-operator/templates/Common/service.yaml b/dynatrace-operator/templates/Common/webhook/service.yaml
similarity index 100%
rename from dynatrace-operator/templates/Common/service.yaml
rename to dynatrace-operator/templates/Common/webhook/service.yaml
diff --git a/dynatrace-operator/templates/Kubernetes/podsecuritypolicy-kubernetes-monitoring.yaml b/dynatrace-operator/templates/Kubernetes/kubernetes-monitoring/podsecuritypolicy-kubernetes-monitoring.yaml similarity index 100% rename from dynatrace-operator/templates/Kubernetes/podsecuritypolicy-kubernetes-monitoring.yaml rename to dynatrace-operator/templates/Kubernetes/kubernetes-monitoring/podsecuritypolicy-kubernetes-monitoring.yaml diff --git a/dynatrace-operator/templates/Kubernetes/podsecuritypolicy-oneagent-unprivileged.yaml b/dynatrace-operator/templates/Kubernetes/oneagent/podsecuritypolicy-oneagent-unprivileged.yaml similarity index 98% rename from dynatrace-operator/templates/Kubernetes/podsecuritypolicy-oneagent-unprivileged.yaml rename to dynatrace-operator/templates/Kubernetes/oneagent/podsecuritypolicy-oneagent-unprivileged.yaml index 7fdf951c..359a82cb 100644 --- a/dynatrace-operator/templates/Kubernetes/podsecuritypolicy-oneagent-unprivileged.yaml +++ b/dynatrace-operator/templates/Kubernetes/oneagent/podsecuritypolicy-oneagent-unprivileged.yaml @@ -45,7 +45,7 @@ spec: volumes: - "*" hostNetwork: true - hostIPC: true + hostIPC: false hostPID: true hostPorts: - min: 0 diff --git a/dynatrace-operator/templates/Kubernetes/podsecuritypolicy-oneagent.yaml b/dynatrace-operator/templates/Kubernetes/oneagent/podsecuritypolicy-oneagent.yaml similarity index 98% rename from dynatrace-operator/templates/Kubernetes/podsecuritypolicy-oneagent.yaml rename to dynatrace-operator/templates/Kubernetes/oneagent/podsecuritypolicy-oneagent.yaml index 6ea31826..ee7538b4 100644 --- a/dynatrace-operator/templates/Kubernetes/podsecuritypolicy-oneagent.yaml +++ b/dynatrace-operator/templates/Kubernetes/oneagent/podsecuritypolicy-oneagent.yaml @@ -28,7 +28,7 @@ spec: volumes: - "*" hostNetwork: true - hostIPC: true + hostIPC: false hostPID: true hostPorts: - min: 0 
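Review bot: Setting `hostIPC: false` narrows both OneAgent policies, but the context lines around it still allow `volumes: - "*"`, `hostNetwork: true`, `hostPID: true` and host ports starting at 0, so the policy named `oneagent-unprivileged` stays close to host-level access. If the agent only needs specific host paths, an `allowedHostPaths` list with an explicit set of volume types would bound it; otherwise a comment saying why the wildcard is required would help the next reviewer. No assertion for the new value is visible in this diff, so `- equal:` with `path: spec.hostIPC` and `value: false` in the PSP test suites would pin it. The same points apply to podsecuritypolicy-oneagent.yaml in the second hunk, and both specs continue outside the hunks.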
diff --git a/dynatrace-operator/templates/Kubernetes/role-oneagent-unprivileged.yaml b/dynatrace-operator/templates/Kubernetes/oneagent/role-oneagent-unprivileged.yaml
similarity index 100%
rename from dynatrace-operator/templates/Kubernetes/role-oneagent-unprivileged.yaml
rename to dynatrace-operator/templates/Kubernetes/oneagent/role-oneagent-unprivileged.yaml
diff --git a/dynatrace-operator/templates/Kubernetes/role-oneagent.yaml b/dynatrace-operator/templates/Kubernetes/oneagent/role-oneagent.yaml
similarity index 100%
rename from dynatrace-operator/templates/Kubernetes/role-oneagent.yaml
rename to dynatrace-operator/templates/Kubernetes/oneagent/role-oneagent.yaml
diff --git a/dynatrace-operator/templates/Kubernetes/rolebinding-oneagent-unprivileged.yaml b/dynatrace-operator/templates/Kubernetes/oneagent/rolebinding-oneagent-unprivileged.yaml
similarity index 100%
rename from dynatrace-operator/templates/Kubernetes/rolebinding-oneagent-unprivileged.yaml
rename to dynatrace-operator/templates/Kubernetes/oneagent/rolebinding-oneagent-unprivileged.yaml
diff --git a/dynatrace-operator/templates/Kubernetes/rolebinding-oneagent.yaml b/dynatrace-operator/templates/Kubernetes/oneagent/rolebinding-oneagent.yaml
similarity index 100%
rename from dynatrace-operator/templates/Kubernetes/rolebinding-oneagent.yaml
rename to dynatrace-operator/templates/Kubernetes/oneagent/rolebinding-oneagent.yaml
diff --git a/dynatrace-operator/templates/Common/serviceaccount-oneagent-unprivileged.yaml b/dynatrace-operator/templates/Kubernetes/oneagent/serviceaccount-oneagent-unprivileged.yaml
similarity index 94%
rename from dynatrace-operator/templates/Common/serviceaccount-oneagent-unprivileged.yaml
rename to dynatrace-operator/templates/Kubernetes/oneagent/serviceaccount-oneagent-unprivileged.yaml
index 0f88c2fc..c59d92aa 100644
--- a/dynatrace-operator/templates/Common/serviceaccount-oneagent-unprivileged.yaml
+++ b/dynatrace-operator/templates/Kubernetes/oneagent/serviceaccount-oneagent-unprivileged.yaml @@ -13,8 +13,10 @@ # limitations under the License. {{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} apiVersion: v1 kind: ServiceAccount metadata: name: dynatrace-dynakube-oneagent-unprivileged namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/dynatrace-operator/templates/Common/serviceaccount-oneagent.yaml b/dynatrace-operator/templates/Kubernetes/oneagent/serviceaccount-oneagent.yaml similarity index 94% rename from dynatrace-operator/templates/Common/serviceaccount-oneagent.yaml rename to dynatrace-operator/templates/Kubernetes/oneagent/serviceaccount-oneagent.yaml index 15ddad9b..ff5d5085 100644 --- a/dynatrace-operator/templates/Common/serviceaccount-oneagent.yaml +++ b/dynatrace-operator/templates/Kubernetes/oneagent/serviceaccount-oneagent.yaml @@ -13,8 +13,10 @@ # limitations under the License. {{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} apiVersion: v1 kind: ServiceAccount metadata: name: dynatrace-dynakube-oneagent namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/dynatrace-operator/templates/Common/deployment-operator.yaml b/dynatrace-operator/templates/Kubernetes/operator/deployment-operator.yaml similarity index 98% rename from dynatrace-operator/templates/Common/deployment-operator.yaml rename to dynatrace-operator/templates/Kubernetes/operator/deployment-operator.yaml index 864d7f21..928f2c0a 100644 --- a/dynatrace-operator/templates/Common/deployment-operator.yaml +++ b/dynatrace-operator/templates/Kubernetes/operator/deployment-operator.yaml 
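Review bot: The two ServiceAccounts that are now gated on `platform` still have no `labels`, although this commit adds the shared label helper to secret.yaml and the routing ServiceAccount already uses it. Adding `labels:` with `{{- include "dynatrace-operator.labels" . | nindent 4 }}` under `metadata` would keep them selectable with the rest of the release. The closing `{{ end }}` also leaves a blank line in the rendered output where `{{- end }}` would not; the same form is added at the end of deployment-operator.yaml. No test for the new guard is visible here, so a case with `platform: openshift` asserting `hasDocuments:` `count: 0` would cover it.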
@@ -13,6 +13,7 @@ # limitations under the License. {{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes"}} apiVersion: apps/v1 kind: Deployment metadata: @@ -107,3 +108,4 @@ spec: {{- if .Values.operator.tolerations }} tolerations: {{- toYaml .Values.operator.tolerations | nindent 8 }} {{- end -}} +{{ end }} diff --git a/dynatrace-operator/templates/Kubernetes/podsecuritypolicy-operator.yaml b/dynatrace-operator/templates/Kubernetes/operator/podsecuritypolicy-operator.yaml similarity index 100% rename from dynatrace-operator/templates/Kubernetes/podsecuritypolicy-operator.yaml rename to dynatrace-operator/templates/Kubernetes/operator/podsecuritypolicy-operator.yaml diff --git a/dynatrace-operator/templates/Kubernetes/serviceaccount-operator.yaml b/dynatrace-operator/templates/Kubernetes/operator/serviceaccount-operator.yaml similarity index 100% rename from dynatrace-operator/templates/Kubernetes/serviceaccount-operator.yaml rename to dynatrace-operator/templates/Kubernetes/operator/serviceaccount-operator.yaml diff --git a/dynatrace-operator/templates/Kubernetes/podsecuritypolicy-routing.yaml b/dynatrace-operator/templates/Kubernetes/routing/podsecuritypolicy-routing.yaml similarity index 100% rename from dynatrace-operator/templates/Kubernetes/podsecuritypolicy-routing.yaml rename to dynatrace-operator/templates/Kubernetes/routing/podsecuritypolicy-routing.yaml diff --git a/dynatrace-operator/templates/Kubernetes/podsecuritypolicy-webhook.yaml b/dynatrace-operator/templates/Kubernetes/webhook/podsecuritypolicy-webhook.yaml similarity index 100% rename from dynatrace-operator/templates/Kubernetes/podsecuritypolicy-webhook.yaml rename to dynatrace-operator/templates/Kubernetes/webhook/podsecuritypolicy-webhook.yaml 
diff --git a/dynatrace-operator/templates/Kubernetes/serviceaccount-webhook.yaml b/dynatrace-operator/templates/Kubernetes/webhook/serviceaccount-webhook.yaml similarity index 100% rename from dynatrace-operator/templates/Kubernetes/serviceaccount-webhook.yaml rename to dynatrace-operator/templates/Kubernetes/webhook/serviceaccount-webhook.yaml diff --git a/dynatrace-operator/templates/Openshift/securitycontextconstraints-unprivileged.yaml b/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml similarity index 98% rename from dynatrace-operator/templates/Openshift/securitycontextconstraints-unprivileged.yaml rename to dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml index 03dbdc34..29576214 100644 --- a/dynatrace-operator/templates/Openshift/securitycontextconstraints-unprivileged.yaml +++ b/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml @@ -21,7 +21,7 @@ metadata: kubernetes.io/description: "dynatrace-dynakube-oneagent-unprivileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc." name: dynatrace-dynakube-oneagent-unprivileged allowHostDirVolumePlugin: true -allowHostIPC: true +allowHostIPC: false allowHostNetwork: true allowHostPID: true allowHostPorts: true diff --git a/dynatrace-operator/templates/Openshift/securitycontextconstraints.yaml b/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints.yaml similarity index 98% rename from dynatrace-operator/templates/Openshift/securitycontextconstraints.yaml rename to dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints.yaml index a209ac4d..12acc0fc 100644 --- a/dynatrace-operator/templates/Openshift/securitycontextconstraints.yaml +++ b/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints.yaml 
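Review bot: With `allowHostIPC: false`, the `kubernetes.io/description` annotation in the context line above is no longer accurate, because it still says the SCC "allows access to all privileged and host features" and "is a copy of privileged scc". People auditing SecurityContextConstraints rely on that text, so it should state what is actually granted, e.g. `... allows host network, host PID, host ports and host directory volumes, but not host IPC.` The unprivileged SCC carries the same wording as the privileged one, which is worth checking on its own. The hunk for securitycontextconstraints.yaml that follows has the same stale description.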
@@ -21,7 +21,7 @@ metadata: kubernetes.io/description: "dynatrace-dynakube-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc." name: dynatrace-dynakube-oneagent-privileged allowHostDirVolumePlugin: true -allowHostIPC: true +allowHostIPC: false allowHostNetwork: true allowHostPID: true allowHostPorts: true diff --git a/dynatrace-operator/templates/Openshift/serviceaccount-oneagent-unprivileged.yaml b/dynatrace-operator/templates/Openshift/oneagent/serviceaccount-oneagent-unprivileged.yaml similarity index 100% rename from dynatrace-operator/templates/Openshift/serviceaccount-oneagent-unprivileged.yaml rename to dynatrace-operator/templates/Openshift/oneagent/serviceaccount-oneagent-unprivileged.yaml diff --git a/dynatrace-operator/templates/Openshift/serviceaccount-oneagent.yaml b/dynatrace-operator/templates/Openshift/oneagent/serviceaccount-oneagent.yaml similarity index 100% rename from dynatrace-operator/templates/Openshift/serviceaccount-oneagent.yaml rename to dynatrace-operator/templates/Openshift/oneagent/serviceaccount-oneagent.yaml diff --git a/dynatrace-operator/templates/Openshift/deployment-operator.yaml b/dynatrace-operator/templates/Openshift/operator/deployment-operator.yaml similarity index 100% rename from dynatrace-operator/templates/Openshift/deployment-operator.yaml rename to dynatrace-operator/templates/Openshift/operator/deployment-operator.yaml diff --git a/dynatrace-operator/templates/Openshift/serviceaccount-operator.yaml b/dynatrace-operator/templates/Openshift/operator/serviceaccount-operator.yaml similarity index 100% rename from dynatrace-operator/templates/Openshift/serviceaccount-operator.yaml rename to dynatrace-operator/templates/Openshift/operator/serviceaccount-operator.yaml 
diff --git a/dynatrace-operator/templates/Openshift/role-operator.yaml b/dynatrace-operator/templates/Openshift/role-operator.yaml
deleted file mode 100644
index c7f32d70..00000000
--- a/dynatrace-operator/templates/Openshift/role-operator.yaml
+++ /dev/null
@@ -1,163 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-operator.labels" . | nindent 4 }} -rules: - - apiGroups: - - dynatrace.com - resources: - - dynakubes - verbs: - - get - - list - - watch - - update - - create - - apiGroups: - - dynatrace.com - resources: - - dynakubes/finalizers - - dynakubes/status - verbs: - - update - - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - apps - resources: - - replicasets - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - "" # "" indicates the core API group - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - pods - verbs: - - get - - list - - watch - - delete - - create - - apiGroups: - - "" # "" indicates the 
core API group - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - apiGroups: - - "" - resources: - - events - verbs: - - list - - create - - apiGroups: - - "" - resources: - - services - verbs: - - create - - get - - list - - delete - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - networking.istio.io - resources: - - serviceentries - - virtualservices - verbs: - - get - - list - - create - - update - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - update - - create - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-operator - verbs: - - use -{{ end }} diff --git a/dynatrace-operator/templates/Openshift/role-webhook.yaml b/dynatrace-operator/templates/Openshift/webhook/role-webhook.yaml similarity index 100% rename from dynatrace-operator/templates/Openshift/role-webhook.yaml rename to dynatrace-operator/templates/Openshift/webhook/role-webhook.yaml diff --git a/dynatrace-operator/templates/Openshift/serviceaccount-webhook.yaml b/dynatrace-operator/templates/Openshift/webhook/serviceaccount-webhook.yaml similarity index 100% rename from dynatrace-operator/templates/Openshift/serviceaccount-webhook.yaml rename to dynatrace-operator/templates/Openshift/webhook/serviceaccount-webhook.yaml diff --git a/dynatrace-operator/tests/Common/KubernetesMonitoring/clusterrole-kubernetes-monitoring_test.yaml b/dynatrace-operator/tests/Common/KubernetesMonitoring/clusterrole-kubernetes-monitoring_test.yaml deleted file mode 100644 index e01952bc..00000000 --- a/dynatrace-operator/tests/Common/KubernetesMonitoring/clusterrole-kubernetes-monitoring_test.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -suite: test clusterrole for kubernetes monitoring -templates: - - Common/KubernetesMonitoring/clusterrole-kubernetes-monitoring.yaml -tests: - - it: should exist - asserts: - - isKind: - of: ClusterRole - - equal: - path: metadata.name - value: dynatrace-kubernetes-monitoring - - isNotEmpty: - path: metadata.labels - - isNotEmpty: - path: rules - - contains: - path: rules - content: - apiGroups: - - "" - - batch - - apps - - apps.openshift.io - resources: - - nodes - - pods - - namespaces - - deployments - - replicasets - - deploymentconfigs - - replicationcontrollers - - jobs - - cronjobs - - statefulsets - - daemonsets - - events - - resourcequotas - - pods/proxy - - nodes/proxy - - services - - clusterversions - verbs: - - list - - watch - - get - - nonResourceURLs: - - /metrics - verbs: - - get diff --git a/dynatrace-operator/tests/Common/Routing/role-routing_test.yaml b/dynatrace-operator/tests/Common/Routing/role-routing_test.yaml new file mode 100644 index 00000000..c4828a51 --- /dev/null +++ b/dynatrace-operator/tests/Common/Routing/role-routing_test.yaml @@ -0,0 +1,25 @@ +suite: test role for kubernetes monitoring +templates: + - Common/routing/role-routing.yaml +tests: + - it: should exist + asserts: + - isKind: + of: Role + - equal: + path: metadata.name + value: dynatrace-routing + - equal: + path: metadata.namespace + value: NAMESPACE + - contains: + path: rules + content: + apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - dynatrace-routing + verbs: + - use diff --git a/dynatrace-operator/tests/Common/Routing/rolebinding-routing_test.yaml b/dynatrace-operator/tests/Common/Routing/rolebinding-routing_test.yaml new file mode 100644 index 00000000..0130b04f --- /dev/null +++ b/dynatrace-operator/tests/Common/Routing/rolebinding-routing_test.yaml 
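Review bot: The new tests/Common/Routing/role-routing_test.yaml is added a second time later in this patch as tests/Common/routing/role-routing_test.yaml with the same blob id (c4828a51), and rolebinding-routing_test.yaml is duplicated the same way (0130b04f). Directories that differ only in case collide on case-insensitive filesystems, and elsewhere each suite simply runs twice; keeping only the lowercase `routing/` copies and moving serviceaccount-routing_test.yaml there as well would match the template layout. The suite names are also copied from the monitoring tests: `suite: test role for kubernetes monitoring` should read `suite: test role for routing`, and the role-binding suite likewise.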
@@ -0,0 +1,26 @@ +suite: test role-binding for kubernetes monitoring +templates: + - Common/routing/rolebinding-routing.yaml +tests: + - it: should exist + asserts: + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: dynatrace-routing + - equal: + path: metadata.namespace + value: NAMESPACE + - equal: + path: roleRef + value: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: dynatrace-routing + - contains: + path: subjects + content: + kind: ServiceAccount + name: dynatrace-routing + namespace: NAMESPACE diff --git a/dynatrace-operator/tests/Common/Routing/serviceaccount-routing_test.yaml b/dynatrace-operator/tests/Common/Routing/serviceaccount-routing_test.yaml index ce37c54b..70cb2497 100644 --- a/dynatrace-operator/tests/Common/Routing/serviceaccount-routing_test.yaml +++ b/dynatrace-operator/tests/Common/Routing/serviceaccount-routing_test.yaml @@ -1,6 +1,6 @@ suite: test service account for routing templates: - - Common/Routing/serviceaccount-routing.yaml + - Common/routing/serviceaccount-routing.yaml tests: - it: should exist asserts: diff --git a/dynatrace-operator/tests/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring_test.yaml b/dynatrace-operator/tests/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring_test.yaml new file mode 100644 index 00000000..aa32dc30 --- /dev/null +++ b/dynatrace-operator/tests/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring_test.yaml 
@@ -0,0 +1,54 @@ +suite: test clusterrole for kubernetes monitoring +templates: + - Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml +tests: + - it: should exist + asserts: + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: dynatrace-kubernetes-monitoring + - isNotEmpty: + path: metadata.labels + - isNotEmpty: + path: rules + - contains: + path: rules + content: + apiGroups: + - "" + - batch + - apps + - apps.openshift.io + - config.openshift.io + resources: + - nodes + - pods + - namespaces + - deployments + - replicasets + - deploymentconfigs + - replicationcontrollers + - jobs + - cronjobs + - statefulsets + - daemonsets + - events + - resourcequotas + - pods/proxy + - nodes/proxy + - services + - clusterversions + verbs: + - list + - watch + - get + - contains: + path: rules + content: + nonResourceURLs: + - /metrics + verbs: + - get + diff --git a/dynatrace-operator/tests/Common/KubernetesMonitoring/clusterrolebinding-kubernetes-monitoring_test.yaml b/dynatrace-operator/tests/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring_test.yaml similarity index 89% rename from dynatrace-operator/tests/Common/KubernetesMonitoring/clusterrolebinding-kubernetes-monitoring_test.yaml rename to dynatrace-operator/tests/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring_test.yaml index c3c0bc1d..050edce6 100644 --- a/dynatrace-operator/tests/Common/KubernetesMonitoring/clusterrolebinding-kubernetes-monitoring_test.yaml +++ b/dynatrace-operator/tests/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring_test.yaml @@ -1,6 +1,6 @@ suite: test clusterrole-binding for kubernetes monitoring templates: - - Common/KubernetesMonitoring/clusterrolebinding-kubernetes-monitoring.yaml + - Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml tests: - it: should exist asserts: 
diff --git a/dynatrace-operator/tests/Common/KubernetesMonitoring/role-kubernetes-monitoring_test.yaml b/dynatrace-operator/tests/Common/kubernetes-monitoring/role-kubernetes-monitoring_test.yaml similarity index 89% rename from dynatrace-operator/tests/Common/KubernetesMonitoring/role-kubernetes-monitoring_test.yaml rename to dynatrace-operator/tests/Common/kubernetes-monitoring/role-kubernetes-monitoring_test.yaml index 0e48a1b0..6816f3d6 100644 --- a/dynatrace-operator/tests/Common/KubernetesMonitoring/role-kubernetes-monitoring_test.yaml +++ b/dynatrace-operator/tests/Common/kubernetes-monitoring/role-kubernetes-monitoring_test.yaml @@ -1,6 +1,6 @@ suite: test role for kubernetes monitoring templates: - - Common/KubernetesMonitoring/role-kubernetes-monitoring.yaml + - Common/kubernetes-monitoring/role-kubernetes-monitoring.yaml tests: - it: should exist asserts: diff --git a/dynatrace-operator/tests/Common/KubernetesMonitoring/rolebinding-kubernetes-monitoring_test.yaml b/dynatrace-operator/tests/Common/kubernetes-monitoring/rolebinding-kubernetes-monitoring_test.yaml similarity index 90% rename from dynatrace-operator/tests/Common/KubernetesMonitoring/rolebinding-kubernetes-monitoring_test.yaml rename to dynatrace-operator/tests/Common/kubernetes-monitoring/rolebinding-kubernetes-monitoring_test.yaml index 624f77f5..1651d4a1 100644 --- a/dynatrace-operator/tests/Common/KubernetesMonitoring/rolebinding-kubernetes-monitoring_test.yaml +++ b/dynatrace-operator/tests/Common/kubernetes-monitoring/rolebinding-kubernetes-monitoring_test.yaml @@ -1,6 +1,6 @@ suite: test role-binding for kubernetes monitoring templates: - - Common/KubernetesMonitoring/rolebinding-kubernetes-monitoring.yaml + - Common/kubernetes-monitoring/rolebinding-kubernetes-monitoring.yaml tests: - it: should exist asserts: 
diff --git a/dynatrace-operator/tests/Common/KubernetesMonitoring/serviceaccount-kubernetes-monitoring_test.yaml b/dynatrace-operator/tests/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring_test.yaml similarity index 83% rename from dynatrace-operator/tests/Common/KubernetesMonitoring/serviceaccount-kubernetes-monitoring_test.yaml rename to dynatrace-operator/tests/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring_test.yaml index 31d8e049..798e67b6 100644 --- a/dynatrace-operator/tests/Common/KubernetesMonitoring/serviceaccount-kubernetes-monitoring_test.yaml +++ b/dynatrace-operator/tests/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring_test.yaml @@ -1,6 +1,6 @@ suite: test service account for kubernetes monitoring templates: - - Common/KubernetesMonitoring/serviceaccount-kubernetes-monitoring.yaml + - Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml tests: - it: should exist asserts: diff --git a/dynatrace-operator/tests/Common/clusterrole-operator_test.yaml b/dynatrace-operator/tests/Common/operator/clusterrole-operator_test.yaml similarity index 73% rename from dynatrace-operator/tests/Common/clusterrole-operator_test.yaml rename to dynatrace-operator/tests/Common/operator/clusterrole-operator_test.yaml index 20163c73..83cda2b3 100644 --- a/dynatrace-operator/tests/Common/clusterrole-operator_test.yaml +++ b/dynatrace-operator/tests/Common/operator/clusterrole-operator_test.yaml @@ -1,6 +1,6 @@ suite: test clusterrole for dynatrace operator templates: - - Common/clusterrole-operator.yaml + - Common/operator/clusterrole-operator.yaml tests: - it: should exist asserts: @@ -13,19 +13,6 @@ tests: path: metadata.labels - isNotEmpty: path: rules - - contains: - path: rules - content: - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - "kube-system" - verbs: - - get - - list - - watch - contains: path: rules content: 
@@ -56,7 +43,6 @@ tests: - secrets resourceNames: - dynatrace-dynakube-config - - dynatrace-dynakube-pull-secret verbs: - get - update diff --git a/dynatrace-operator/tests/Common/clusterrolebinding-operator_test.yaml b/dynatrace-operator/tests/Common/operator/clusterrolebinding-operator_test.yaml similarity index 91% rename from dynatrace-operator/tests/Common/clusterrolebinding-operator_test.yaml rename to dynatrace-operator/tests/Common/operator/clusterrolebinding-operator_test.yaml index c7dfde0a..f7d59d3f 100644 --- a/dynatrace-operator/tests/Common/clusterrolebinding-operator_test.yaml +++ b/dynatrace-operator/tests/Common/operator/clusterrolebinding-operator_test.yaml @@ -1,6 +1,6 @@ suite: test clusterrole-binding for dynatrace operator templates: - - Common/clusterrolebinding-operator.yaml + - Common/operator/clusterrolebinding-operator.yaml tests: - it: should exist asserts: diff --git a/dynatrace-operator/tests/Kubernetes/role-operator_test.yaml b/dynatrace-operator/tests/Common/operator/role-operator_test.yaml similarity index 91% rename from dynatrace-operator/tests/Kubernetes/role-operator_test.yaml rename to dynatrace-operator/tests/Common/operator/role-operator_test.yaml index d853c00f..5dc4b967 100644 --- a/dynatrace-operator/tests/Kubernetes/role-operator_test.yaml +++ b/dynatrace-operator/tests/Common/operator/role-operator_test.yaml @@ -1,14 +1,7 @@ suit: test role for oneagent on kubernetes templates: - - Kubernetes/role-operator.yaml + - Common/operator/role-operator.yaml tests: - - it: should not exist if platform is not kubernetes - set: - platform: openshift - asserts: - - hasDocuments: - count: 0 - - it: should exist set: platform: kubernetes @@ -79,7 +72,7 @@ tests: verbs: - update - apiGroups: - - "" # "" indicates the core API group + - "" resources: - configmaps verbs: @@ -90,7 +83,7 @@ tests: - update - delete - apiGroups: - - "" # "" indicates the core API group + - "" resources: - pods verbs: 
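Review bot: The header of role-operator_test.yaml reads `suit:` rather than `suite:`, and the name still says "oneagent on kubernetes" although the file tests the operator Role; since the first hunk already touches this header, `suite: test role for dynatrace operator` would fix both. With the template now shared between platforms, the removed "should not exist if platform is not kubernetes" case has no counterpart. A case with `set:` `platform: openshift` asserting `isKind:` `of: Role` would show that the Role renders on OpenShift as intended. The remaining hunks of this file only drop inline comments.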
@@ -100,7 +93,7 @@ tests: - delete - create - apiGroups: - - "" # "" indicates the core API group + - "" resources: - secrets verbs: diff --git a/dynatrace-operator/tests/Common/rolebinding-operator_test.yaml b/dynatrace-operator/tests/Common/operator/rolebinding-operator_test.yaml similarity index 93% rename from dynatrace-operator/tests/Common/rolebinding-operator_test.yaml rename to dynatrace-operator/tests/Common/operator/rolebinding-operator_test.yaml index 24fe026e..5a4f6b2b 100644 --- a/dynatrace-operator/tests/Common/rolebinding-operator_test.yaml +++ b/dynatrace-operator/tests/Common/operator/rolebinding-operator_test.yaml @@ -1,6 +1,6 @@ suite: test rolebinding for dynatrace-operator templates: - - Common/rolebinding-operator.yaml + - Common/operator/rolebinding-operator.yaml tests: - it: should exist asserts: diff --git a/dynatrace-operator/tests/Common/podsecuritypolicy-operator_test.yaml b/dynatrace-operator/tests/Common/podsecuritypolicy-operator_test.yaml deleted file mode 100644 index 4ac6b0f8..00000000 --- a/dynatrace-operator/tests/Common/podsecuritypolicy-operator_test.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -suite: test pod security policy for dynatrace operator -templates: - - Common/podsecuritypolicy-operator.yaml -tests: - - it: should exist - asserts: - - isKind: - of: PodSecurityPolicy - - equal: - path: metadata.name - value: RELEASE-NAME - - equal: - path: metadata.annotations - value: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default" - apparmor.security.beta.kubernetes.io/allowedProfileNames: "runtime/default" - seccomp.security.alpha.kubernetes.io/defaultProfileName: "docker/default" - apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" - - equal: - path: spec - value: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - volumes: - - "configMap" - - "emptyDir" - - "projected" - - "secret" - - "downwardAPI" - - "persistentVolumeClaim" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: "MustRunAsNonRoot" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" diff --git a/dynatrace-operator/tests/Common/routing/role-routing_test.yaml b/dynatrace-operator/tests/Common/routing/role-routing_test.yaml new file mode 100644 index 00000000..c4828a51 --- /dev/null +++ b/dynatrace-operator/tests/Common/routing/role-routing_test.yaml @@ -0,0 +1,25 @@ +suite: test role for kubernetes monitoring +templates: + - Common/routing/role-routing.yaml +tests: + - it: should exist + asserts: + - isKind: + of: Role + - equal: + path: metadata.name + value: dynatrace-routing + - equal: + path: metadata.namespace + value: NAMESPACE + - contains: + path: rules + content: + apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - dynatrace-routing + verbs: + - use diff --git a/dynatrace-operator/tests/Common/routing/rolebinding-routing_test.yaml b/dynatrace-operator/tests/Common/routing/rolebinding-routing_test.yaml new file mode 100644 index 00000000..0130b04f 
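Review bot: The suite name `test role for kubernetes monitoring` in the new role-routing_test.yaml does not match the template under test, `Common/routing/role-routing.yaml`, so a failure would be reported under the wrong component; `suite: test role for routing` would match, and the new rolebinding-routing_test.yaml carries the same copied name. Separately, `contains` on `rules` only proves that the PodSecurityPolicy `use` rule is present. If this Role is meant to grant nothing else, an `equal` assertion on `path: rules` would also catch permissions added later.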
--- /dev/null +++ b/dynatrace-operator/tests/Common/routing/rolebinding-routing_test.yaml @@ -0,0 +1,26 @@ +suite: test role-binding for kubernetes monitoring +templates: + - Common/routing/rolebinding-routing.yaml +tests: + - it: should exist + asserts: + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: dynatrace-routing + - equal: + path: metadata.namespace + value: NAMESPACE + - equal: + path: roleRef + value: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: dynatrace-routing + - contains: + path: subjects + content: + kind: ServiceAccount + name: dynatrace-routing + namespace: NAMESPACE diff --git a/dynatrace-operator/tests/Common/routing/serviceaccount-routing_test.yaml b/dynatrace-operator/tests/Common/routing/serviceaccount-routing_test.yaml new file mode 100644 index 00000000..70cb2497 --- /dev/null +++ b/dynatrace-operator/tests/Common/routing/serviceaccount-routing_test.yaml @@ -0,0 +1,16 @@ +suite: test service account for routing +templates: + - Common/routing/serviceaccount-routing.yaml +tests: + - it: should exist + asserts: + - isKind: + of: ServiceAccount + - equal: + path: metadata.name + value: dynatrace-routing + - equal: + path: metadata.namespace + value: NAMESPACE + - isNotEmpty: + path: metadata.labels diff --git a/dynatrace-operator/tests/Common/clusterrole-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/clusterrole-webhook_test.yaml similarity index 96% rename from dynatrace-operator/tests/Common/clusterrole-webhook_test.yaml rename to dynatrace-operator/tests/Common/webhook/clusterrole-webhook_test.yaml index 1c257ecd..41431297 100644 --- a/dynatrace-operator/tests/Common/clusterrole-webhook_test.yaml +++ b/dynatrace-operator/tests/Common/webhook/clusterrole-webhook_test.yaml @@ -1,6 +1,6 @@ suit: test clusterrole for webhook templates: - - Common/clusterrole-webhook.yaml + - Common/webhook/clusterrole-webhook.yaml tests: - it: should exist set: 
diff --git a/dynatrace-operator/tests/Common/clusterrolebinding-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/clusterrolebinding-webhook_test.yaml similarity index 92% rename from dynatrace-operator/tests/Common/clusterrolebinding-webhook_test.yaml rename to dynatrace-operator/tests/Common/webhook/clusterrolebinding-webhook_test.yaml index 6bb917be..5a8fa88b 100644 --- a/dynatrace-operator/tests/Common/clusterrolebinding-webhook_test.yaml +++ b/dynatrace-operator/tests/Common/webhook/clusterrolebinding-webhook_test.yaml @@ -1,6 +1,6 @@ suit: test clusterrolebinding for the webhook templates: - - Common/clusterrolebinding-webhook.yaml + - Common/webhook/clusterrolebinding-webhook.yaml tests: - it: should exist set: diff --git a/dynatrace-operator/tests/Common/deployment-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/deployment-webhook_test.yaml similarity index 99% rename from dynatrace-operator/tests/Common/deployment-webhook_test.yaml rename to dynatrace-operator/tests/Common/webhook/deployment-webhook_test.yaml index 15acc3b0..19c3cfae 100644 --- a/dynatrace-operator/tests/Common/deployment-webhook_test.yaml +++ b/dynatrace-operator/tests/Common/webhook/deployment-webhook_test.yaml @@ -1,6 +1,6 @@ suit: test deployment of webhook templates: - - Common/deployment-webhook.yaml + - Common/webhook/deployment-webhook.yaml tests: - it: should exist set: diff --git a/dynatrace-operator/tests/Common/mutatingwebhookconfiguration_test.yaml b/dynatrace-operator/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml similarity index 94% rename from dynatrace-operator/tests/Common/mutatingwebhookconfiguration_test.yaml rename to dynatrace-operator/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml index d0359a2c..010f06e3 100644 --- a/dynatrace-operator/tests/Common/mutatingwebhookconfiguration_test.yaml +++ b/dynatrace-operator/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml 
@@ -1,6 +1,6 @@ suit: test mutating webhook configuration templates: - - Common/mutatingwebhookconfiguration.yaml + - Common/webhook/mutatingwebhookconfiguration.yaml tests: - it: should exist asserts: diff --git a/dynatrace-operator/tests/Kubernetes/role-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/role-webhook_test.yaml similarity index 98% rename from dynatrace-operator/tests/Kubernetes/role-webhook_test.yaml rename to dynatrace-operator/tests/Common/webhook/role-webhook_test.yaml index 48f061e0..46a7c3b5 100644 --- a/dynatrace-operator/tests/Kubernetes/role-webhook_test.yaml +++ b/dynatrace-operator/tests/Common/webhook/role-webhook_test.yaml @@ -1,6 +1,6 @@ suite: test role for webhook on kubernetes templates: - - Kubernetes/role-webhook.yaml + - Common/webhook/role-webhook.yaml tests: - it: should not exist if platform is not kubernetes set: diff --git a/dynatrace-operator/tests/Common/rolebinding-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/rolebinding-webhook_test.yaml similarity index 93% rename from dynatrace-operator/tests/Common/rolebinding-webhook_test.yaml rename to dynatrace-operator/tests/Common/webhook/rolebinding-webhook_test.yaml index a001b97f..9eeea697 100644 --- a/dynatrace-operator/tests/Common/rolebinding-webhook_test.yaml +++ b/dynatrace-operator/tests/Common/webhook/rolebinding-webhook_test.yaml @@ -1,6 +1,6 @@ suit: test rolebinding of webhook templates: - - Common/rolebinding-webhook.yaml + - Common/webhook/rolebinding-webhook.yaml tests: - it: should exist asserts: diff --git a/dynatrace-operator/tests/Common/service_test.yaml b/dynatrace-operator/tests/Common/webhook/service_test.yaml similarity index 96% rename from dynatrace-operator/tests/Common/service_test.yaml rename to dynatrace-operator/tests/Common/webhook/service_test.yaml index 2d656a8d..e6806850 100644 --- a/dynatrace-operator/tests/Common/service_test.yaml +++ b/dynatrace-operator/tests/Common/webhook/service_test.yaml 
@@ -17,7 +17,7 @@ suit: test service of webhook templates: - - Common/service.yaml + - Common/webhook/service.yaml tests: - it: should exist asserts: diff --git a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-kubernetes-monitoring_test.yaml b/dynatrace-operator/tests/Kubernetes/kubernetes-monitoring/podsecuritypolicy-kubernetes-monitoring_test.yaml similarity index 95% rename from dynatrace-operator/tests/Kubernetes/podsecuritypolicy-kubernetes-monitoring_test.yaml rename to dynatrace-operator/tests/Kubernetes/kubernetes-monitoring/podsecuritypolicy-kubernetes-monitoring_test.yaml index b3c7aa92..ea70ef1b 100644 --- a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-kubernetes-monitoring_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/kubernetes-monitoring/podsecuritypolicy-kubernetes-monitoring_test.yaml @@ -1,6 +1,6 @@ suit: test pod security policy for kubernetes-monitoring on kubernetes templates: - - Kubernetes/podsecuritypolicy-kubernetes-monitoring.yaml + - Kubernetes/kubernetes-monitoring/podsecuritypolicy-kubernetes-monitoring.yaml tests: - it: should not exist if platform is not kubernetes set: diff --git a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-oneagent-unprivileged_test.yaml b/dynatrace-operator/tests/Kubernetes/oneagent/podsecuritypolicy-oneagent-unprivileged_test.yaml similarity index 95% rename from dynatrace-operator/tests/Kubernetes/podsecuritypolicy-oneagent-unprivileged_test.yaml rename to dynatrace-operator/tests/Kubernetes/oneagent/podsecuritypolicy-oneagent-unprivileged_test.yaml index ab4e9882..0c2a576d 100644 --- a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-oneagent-unprivileged_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/oneagent/podsecuritypolicy-oneagent-unprivileged_test.yaml 
@@ -1,6 +1,6 @@ suit: test pod security policy for oneagent-unprivileged on kubernetes templates: - - Kubernetes/podsecuritypolicy-oneagent-unprivileged.yaml + - Kubernetes/oneagent/podsecuritypolicy-oneagent-unprivileged.yaml tests: - it: should not exist if platform is not kubernetes set: @@ -56,7 +56,7 @@ tests: volumes: - "*" hostNetwork: true - hostIPC: true + hostIPC: false hostPID: true hostPorts: - min: 0 diff --git a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-oneagent_test.yaml b/dynatrace-operator/tests/Kubernetes/oneagent/podsecuritypolicy-oneagent_test.yaml similarity index 94% rename from dynatrace-operator/tests/Kubernetes/podsecuritypolicy-oneagent_test.yaml rename to dynatrace-operator/tests/Kubernetes/oneagent/podsecuritypolicy-oneagent_test.yaml index 769a2af6..3c728fbd 100644 --- a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-oneagent_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/oneagent/podsecuritypolicy-oneagent_test.yaml @@ -1,6 +1,6 @@ suit: test pod security policy for oneagent on kubernetes templates: - - Kubernetes/podsecuritypolicy-oneagent.yaml + - Kubernetes/oneagent/podsecuritypolicy-oneagent.yaml tests: - it: should not exist if platform is not kubernetes set: @@ -39,7 +39,7 @@ tests: volumes: - "*" hostNetwork: true - hostIPC: true + hostIPC: false hostPID: true hostPorts: - min: 0 diff --git a/dynatrace-operator/tests/Kubernetes/role-oneagent-unprivileged_test.yaml b/dynatrace-operator/tests/Kubernetes/oneagent/role-oneagent-unprivileged_test.yaml similarity index 92% rename from dynatrace-operator/tests/Kubernetes/role-oneagent-unprivileged_test.yaml rename to dynatrace-operator/tests/Kubernetes/oneagent/role-oneagent-unprivileged_test.yaml index e497fde1..d33f5857 100644 --- a/dynatrace-operator/tests/Kubernetes/role-oneagent-unprivileged_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/oneagent/role-oneagent-unprivileged_test.yaml 
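Review bot: The expected `hostIPC` value flips from `true` to `false` in both pod security policy suites here (oneagent-unprivileged and oneagent), and `allowHostIPC` does the same in the two OpenShift securitycontextconstraints suites further down, yet the commit description only mentions reordering files. This is a permission change rather than a move, so it deserves a line in the description and a short comment next to the expectation, for example `# host IPC namespace is intentionally not shared`, so that a later edit back to `true` is a deliberate decision. The `spec` expectation these lines belong to starts and ends outside the hunks.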
@@ -1,6 +1,6 @@ suit: test role for oneagent on kubernetes templates: - - Kubernetes/role-oneagent-unprivileged.yaml + - Kubernetes/oneagent/role-oneagent-unprivileged.yaml tests: - it: should not exist if platform is not kubernetes set: diff --git a/dynatrace-operator/tests/Kubernetes/role-oneagent_test.yaml b/dynatrace-operator/tests/Kubernetes/oneagent/role-oneagent_test.yaml similarity index 94% rename from dynatrace-operator/tests/Kubernetes/role-oneagent_test.yaml rename to dynatrace-operator/tests/Kubernetes/oneagent/role-oneagent_test.yaml index db583efc..1727dcf7 100644 --- a/dynatrace-operator/tests/Kubernetes/role-oneagent_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/oneagent/role-oneagent_test.yaml @@ -1,6 +1,6 @@ suit: test role for oneagent on kubernetes templates: - - Kubernetes/role-oneagent.yaml + - Kubernetes/oneagent/role-oneagent.yaml tests: - it: should not exist if platform is not kubernetes set: diff --git a/dynatrace-operator/tests/Kubernetes/rolebinding-oneagent-unprivileged_test.yaml b/dynatrace-operator/tests/Kubernetes/oneagent/rolebinding-oneagent-unprivileged_test.yaml similarity index 93% rename from dynatrace-operator/tests/Kubernetes/rolebinding-oneagent-unprivileged_test.yaml rename to dynatrace-operator/tests/Kubernetes/oneagent/rolebinding-oneagent-unprivileged_test.yaml index 20a3803f..ab435189 100644 --- a/dynatrace-operator/tests/Kubernetes/rolebinding-oneagent-unprivileged_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/oneagent/rolebinding-oneagent-unprivileged_test.yaml @@ -1,6 +1,6 @@ suit: test rolebinding for oneagent on kubernetes templates: - - Kubernetes/rolebinding-oneagent-unprivileged.yaml + - Kubernetes/oneagent/rolebinding-oneagent-unprivileged.yaml tests: - it: should not exist if platform is not kubernetes set: 
diff --git a/dynatrace-operator/tests/Kubernetes/rolebinding-oneagent_test.yaml b/dynatrace-operator/tests/Kubernetes/oneagent/rolebinding-oneagent_test.yaml similarity index 94% rename from dynatrace-operator/tests/Kubernetes/rolebinding-oneagent_test.yaml rename to dynatrace-operator/tests/Kubernetes/oneagent/rolebinding-oneagent_test.yaml index b8179b9e..83a703e4 100644 --- a/dynatrace-operator/tests/Kubernetes/rolebinding-oneagent_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/oneagent/rolebinding-oneagent_test.yaml @@ -1,6 +1,6 @@ suit: test rolebinding for oneagent on kubernetes templates: - - Kubernetes/rolebinding-oneagent.yaml + - Kubernetes/oneagent/rolebinding-oneagent.yaml tests: - it: should not exist if platform is not kubernetes set: diff --git a/dynatrace-operator/tests/Common/serviceaccount-oneagent-unprivileged_test.yaml b/dynatrace-operator/tests/Kubernetes/oneagent/serviceaccount-oneagent-unprivileged_test.yaml similarity index 84% rename from dynatrace-operator/tests/Common/serviceaccount-oneagent-unprivileged_test.yaml rename to dynatrace-operator/tests/Kubernetes/oneagent/serviceaccount-oneagent-unprivileged_test.yaml index 341e5a63..ee6ec3b4 100644 --- a/dynatrace-operator/tests/Common/serviceaccount-oneagent-unprivileged_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/oneagent/serviceaccount-oneagent-unprivileged_test.yaml @@ -1,6 +1,6 @@ suite: test serviceaccount for oneagent templates: - - Common/serviceaccount-oneagent-unprivileged.yaml + - Kubernetes/oneagent/serviceaccount-oneagent-unprivileged.yaml tests: - it: should exist set: diff --git a/dynatrace-operator/tests/Common/serviceaccount-oneagent_test.yaml b/dynatrace-operator/tests/Kubernetes/oneagent/serviceaccount-oneagent_test.yaml similarity index 86% rename from dynatrace-operator/tests/Common/serviceaccount-oneagent_test.yaml rename to dynatrace-operator/tests/Kubernetes/oneagent/serviceaccount-oneagent_test.yaml index 52da33bf..d0ed1fe0 100644 
--- a/dynatrace-operator/tests/Common/serviceaccount-oneagent_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/oneagent/serviceaccount-oneagent_test.yaml @@ -1,6 +1,6 @@ suite: test serviceaccount for oneagent templates: - - Common/serviceaccount-oneagent.yaml + - Kubernetes/oneagent/serviceaccount-oneagent.yaml tests: - it: should exist set: diff --git a/dynatrace-operator/tests/Common/deployment-operator_test.yaml b/dynatrace-operator/tests/Kubernetes/operator/deployment-operator_test.yaml similarity index 98% rename from dynatrace-operator/tests/Common/deployment-operator_test.yaml rename to dynatrace-operator/tests/Kubernetes/operator/deployment-operator_test.yaml index 1bcb1146..7e579124 100644 --- a/dynatrace-operator/tests/Common/deployment-operator_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/operator/deployment-operator_test.yaml @@ -1,6 +1,6 @@ suite: test deployment for dynatrace operator templates: - - Common/deployment-operator.yaml + - Kubernetes/operator/deployment-operator.yaml tests: - it: should exist set: diff --git a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-operator_test.yaml b/dynatrace-operator/tests/Kubernetes/operator/podsecuritypolicy-operator_test.yaml similarity index 96% rename from dynatrace-operator/tests/Kubernetes/podsecuritypolicy-operator_test.yaml rename to dynatrace-operator/tests/Kubernetes/operator/podsecuritypolicy-operator_test.yaml index 6d9ee9cb..e6e73f53 100644 --- a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-operator_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/operator/podsecuritypolicy-operator_test.yaml @@ -1,6 +1,6 @@ suit: test pod security policy for operator on kubernetes templates: - - Kubernetes/podsecuritypolicy-operator.yaml + - Kubernetes/operator/podsecuritypolicy-operator.yaml tests: - it: should not exist if platform is not kubernetes set: 
diff --git a/dynatrace-operator/tests/Kubernetes/serviceaccount-operator_test.yaml b/dynatrace-operator/tests/Kubernetes/operator/serviceaccount-operator_test.yaml similarity index 87% rename from dynatrace-operator/tests/Kubernetes/serviceaccount-operator_test.yaml rename to dynatrace-operator/tests/Kubernetes/operator/serviceaccount-operator_test.yaml index ddf5cd5b..828f678d 100644 --- a/dynatrace-operator/tests/Kubernetes/serviceaccount-operator_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/operator/serviceaccount-operator_test.yaml @@ -1,6 +1,6 @@ suite: test serviceaccount for dynatrace operator templates: - - Kubernetes/serviceaccount-operator.yaml + - Kubernetes/operator/serviceaccount-operator.yaml tests: - it: should exist set: diff --git a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-routing_test.yaml b/dynatrace-operator/tests/Kubernetes/routing/podsecuritypolicy-routing_test.yaml similarity index 96% rename from dynatrace-operator/tests/Kubernetes/podsecuritypolicy-routing_test.yaml rename to dynatrace-operator/tests/Kubernetes/routing/podsecuritypolicy-routing_test.yaml index b07360f9..495171ca 100644 --- a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-routing_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/routing/podsecuritypolicy-routing_test.yaml @@ -1,6 +1,6 @@ suit: test pod security policy for routing on kubernetes templates: - - Kubernetes/podsecuritypolicy-routing.yaml + - Kubernetes/routing/podsecuritypolicy-routing.yaml tests: - it: should not exist if platform is not kubernetes set: diff --git a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-webhook_test.yaml b/dynatrace-operator/tests/Kubernetes/webhook/podsecuritypolicy-webhook_test.yaml similarity index 96% rename from dynatrace-operator/tests/Kubernetes/podsecuritypolicy-webhook_test.yaml rename to dynatrace-operator/tests/Kubernetes/webhook/podsecuritypolicy-webhook_test.yaml index 2b9f99dc..7fea5fb2 100644 
--- a/dynatrace-operator/tests/Kubernetes/podsecuritypolicy-webhook_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/webhook/podsecuritypolicy-webhook_test.yaml @@ -1,6 +1,6 @@ suit: test pod security policy for webhook on kubernetes templates: - - Kubernetes/podsecuritypolicy-webhook.yaml + - Kubernetes/webhook/podsecuritypolicy-webhook.yaml tests: - it: should not exist if platform is not kubernetes set: diff --git a/dynatrace-operator/tests/Kubernetes/serviceaccount-webhook_test.yaml b/dynatrace-operator/tests/Kubernetes/webhook/serviceaccount-webhook_test.yaml similarity index 90% rename from dynatrace-operator/tests/Kubernetes/serviceaccount-webhook_test.yaml rename to dynatrace-operator/tests/Kubernetes/webhook/serviceaccount-webhook_test.yaml index ccd61ae7..ac9e16ee 100644 --- a/dynatrace-operator/tests/Kubernetes/serviceaccount-webhook_test.yaml +++ b/dynatrace-operator/tests/Kubernetes/webhook/serviceaccount-webhook_test.yaml @@ -1,6 +1,6 @@ suite: test serviceaccount for webhook templates: - - Kubernetes/serviceaccount-webhook.yaml + - Kubernetes/webhook/serviceaccount-webhook.yaml tests: - it: should not exist if platform is openshift set: diff --git a/dynatrace-operator/tests/Openshift/securitycontextconstraints-unprivileged_test.yaml b/dynatrace-operator/tests/Openshift/oneagent/securitycontextconstraints-unprivileged_test.yaml similarity index 96% rename from dynatrace-operator/tests/Openshift/securitycontextconstraints-unprivileged_test.yaml rename to dynatrace-operator/tests/Openshift/oneagent/securitycontextconstraints-unprivileged_test.yaml index bf0afeb6..2f42ad83 100644 --- a/dynatrace-operator/tests/Openshift/securitycontextconstraints-unprivileged_test.yaml +++ b/dynatrace-operator/tests/Openshift/oneagent/securitycontextconstraints-unprivileged_test.yaml 
@@ -1,6 +1,6 @@ suit: test security context constraints on openshift templates: - - Openshift/securitycontextconstraints-unprivileged.yaml + - Openshift/oneagent/securitycontextconstraints-unprivileged.yaml tests: - it: should not exist if platform is not openshift set: @@ -34,7 +34,7 @@ tests: value: true - equal: path: allowHostIPC - value: true + value: false - equal: path: allowHostNetwork value: true diff --git a/dynatrace-operator/tests/Openshift/securitycontextconstraints_test.yaml b/dynatrace-operator/tests/Openshift/oneagent/securitycontextconstraints_test.yaml similarity index 96% rename from dynatrace-operator/tests/Openshift/securitycontextconstraints_test.yaml rename to dynatrace-operator/tests/Openshift/oneagent/securitycontextconstraints_test.yaml index 4d6d03a8..7040e886 100644 --- a/dynatrace-operator/tests/Openshift/securitycontextconstraints_test.yaml +++ b/dynatrace-operator/tests/Openshift/oneagent/securitycontextconstraints_test.yaml @@ -1,6 +1,6 @@ suit: test security context constraints on openshift templates: - - Openshift/securitycontextconstraints.yaml + - Openshift/oneagent/securitycontextconstraints.yaml tests: - it: should not exist if platform is not openshift set: @@ -34,7 +34,7 @@ tests: value: true - equal: path: allowHostIPC - value: true + value: false - equal: path: allowHostNetwork value: true diff --git a/dynatrace-operator/tests/Openshift/serviceaccount-oneagent-unprivileged_test.yaml b/dynatrace-operator/tests/Openshift/oneagent/serviceaccount-oneagent-unprivileged_test.yaml similarity index 90% rename from dynatrace-operator/tests/Openshift/serviceaccount-oneagent-unprivileged_test.yaml rename to dynatrace-operator/tests/Openshift/oneagent/serviceaccount-oneagent-unprivileged_test.yaml index a206e81d..51099f65 100644 --- a/dynatrace-operator/tests/Openshift/serviceaccount-oneagent-unprivileged_test.yaml +++ b/dynatrace-operator/tests/Openshift/oneagent/serviceaccount-oneagent-unprivileged_test.yaml 
@@ -1,6 +1,6 @@ suite: test serviceaccount for webhook templates: - - Openshift/serviceaccount-oneagent-unprivileged.yaml + - Openshift/oneagent/serviceaccount-oneagent-unprivileged.yaml tests: - it: should not exist if platform is not openshift set: diff --git a/dynatrace-operator/tests/Openshift/serviceaccount-oneagent_test.yaml b/dynatrace-operator/tests/Openshift/oneagent/serviceaccount-oneagent_test.yaml similarity index 92% rename from dynatrace-operator/tests/Openshift/serviceaccount-oneagent_test.yaml rename to dynatrace-operator/tests/Openshift/oneagent/serviceaccount-oneagent_test.yaml index f640279b..2b1fadcf 100644 --- a/dynatrace-operator/tests/Openshift/serviceaccount-oneagent_test.yaml +++ b/dynatrace-operator/tests/Openshift/oneagent/serviceaccount-oneagent_test.yaml @@ -1,6 +1,6 @@ suite: test serviceaccount for oneagent templates: - - Openshift/serviceaccount-oneagent.yaml + - Openshift/oneagent/serviceaccount-oneagent.yaml tests: - it: should not exist if platform is not openshift set: diff --git a/dynatrace-operator/tests/Openshift/deployment-operator_test.yaml b/dynatrace-operator/tests/Openshift/operator/deployment-operator_test.yaml similarity index 98% rename from dynatrace-operator/tests/Openshift/deployment-operator_test.yaml rename to dynatrace-operator/tests/Openshift/operator/deployment-operator_test.yaml index 26b479fc..c4de74c8 100644 --- a/dynatrace-operator/tests/Openshift/deployment-operator_test.yaml +++ b/dynatrace-operator/tests/Openshift/operator/deployment-operator_test.yaml @@ -1,6 +1,6 @@ suite: test deployment for dynatrace operator templates: - - Openshift/deployment-operator.yaml + - Openshift/operator/deployment-operator.yaml tests: - it: should not exist if platform is not openshift set: 
diff --git a/dynatrace-operator/tests/Openshift/serviceaccount-operator_test.yaml b/dynatrace-operator/tests/Openshift/operator/serviceaccount-operator_test.yaml similarity index 92% rename from dynatrace-operator/tests/Openshift/serviceaccount-operator_test.yaml rename to dynatrace-operator/tests/Openshift/operator/serviceaccount-operator_test.yaml index 52e1530e..5161ade3 100644 --- a/dynatrace-operator/tests/Openshift/serviceaccount-operator_test.yaml +++ b/dynatrace-operator/tests/Openshift/operator/serviceaccount-operator_test.yaml @@ -1,6 +1,6 @@ suite: test serviceaccount for dynatrace operator templates: - - Openshift/serviceaccount-operator.yaml + - Openshift/operator/serviceaccount-operator.yaml tests: - it: should not exist if platform is not openshift set: diff --git a/dynatrace-operator/tests/Openshift/role-operator_test.yaml b/dynatrace-operator/tests/Openshift/role-operator_test.yaml deleted file mode 100644 index 1877789b..00000000 --- a/dynatrace-operator/tests/Openshift/role-operator_test.yaml +++ /dev/null 
@@ -1,167 +0,0 @@ -suit: test role for oneagent on openshift -templates: - - Openshift/role-operator.yaml -tests: - - it: should not exist if platform is not openshift - set: - platform: kubernetes - asserts: - - hasDocuments: - count: 0 - - - it: should exist - set: - platform: openshift - asserts: - - equal: - path: metadata.name - value: RELEASE-NAME - - equal: - path: metadata.namespace - value: NAMESPACE - - isNotEmpty: - path: metadata.labels - - equal: - path: rules - value: - - apiGroups: - - dynatrace.com - resources: - - dynakubes - verbs: - - get - - list - - watch - - update - - create - - apiGroups: - - dynatrace.com - resources: - - dynakubes/finalizers - - dynakubes/status - verbs: - - update - - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - apps - resources: - - replicasets - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - - apiGroups: - - "" # "" indicates the core API group - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - pods - verbs: - - get - - list - - watch - - delete - - create - - apiGroups: - - "" # "" indicates the core API group - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - apiGroups: - - "" - resources: - - events - verbs: - - list - - create - - apiGroups: - - "" - resources: - - services - verbs: - - create - - get - - list - - delete - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - - apiGroups: - - networking.istio.io - resources: - - serviceentries - - virtualservices - verbs: - - get - - list - - 
create - - update - - delete - - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - update - - create - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-operator - verbs: - - use diff --git a/dynatrace-operator/tests/Openshift/role-webhook_test.yaml b/dynatrace-operator/tests/Openshift/webhook/role-webhook_test.yaml similarity index 90% rename from dynatrace-operator/tests/Openshift/role-webhook_test.yaml rename to dynatrace-operator/tests/Openshift/webhook/role-webhook_test.yaml index 2124673d..456bf6cb 100644 --- a/dynatrace-operator/tests/Openshift/role-webhook_test.yaml +++ b/dynatrace-operator/tests/Openshift/webhook/role-webhook_test.yaml @@ -1,14 +1,7 @@ suite: test role for webhook on opneshift templates: - - Openshift/role-webhook.yaml + - Openshift/webhook/role-webhook.yaml tests: - - it: should not exist if platform is not openshift - set: - platform: kubernetes - asserts: - - hasDocuments: - count: 0 - - it: should exist set: platform: openshift diff --git a/dynatrace-operator/tests/Openshift/serviceaccount-webhook_test.yaml b/dynatrace-operator/tests/Openshift/webhook/serviceaccount-webhook_test.yaml similarity index 92% rename from dynatrace-operator/tests/Openshift/serviceaccount-webhook_test.yaml rename to dynatrace-operator/tests/Openshift/webhook/serviceaccount-webhook_test.yaml index 35a0d377..4bd3aa07 100644 --- a/dynatrace-operator/tests/Openshift/serviceaccount-webhook_test.yaml +++ b/dynatrace-operator/tests/Openshift/webhook/serviceaccount-webhook_test.yaml @@ -1,6 +1,6 @@ suite: test serviceaccount for webhook templates: - - Openshift/serviceaccount-webhook.yaml + - Openshift/webhook/serviceaccount-webhook.yaml tests: - it: should not exist if platform is not openshift set: diff --git a/dynatrace-operator/values.yaml b/dynatrace-operator/values.yaml index be01e011..e076099d 100644 --- a/dynatrace-operator/values.yaml +++ b/dynatrace-operator/values.yaml 
@@ -58,7 +58,7 @@ classicFullStack: dnsPolicy: "" serviceAccountName: "" labels: { } - useUnprivilegedMode: false + useUnprivilegedMode: true useImmutableImage: false kubernetesMonitoring:
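Review bot: Flipping the default of `useUnprivilegedMode` to `true` changes what every install that does not set this value receives on upgrade, and neither the hunk nor the commit description says so. A comment on the key would help, for example `# true runs OneAgent in unprivileged mode (default); set to false for the previous behaviour`, together with a note in the chart README or changelog. Presumably this value selects the `*-oneagent-unprivileged` service account and policy templates renamed in this patch; that link is not visible here and should be confirmed. The `classicFullStack` block starts outside the hunk.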