From a18a5306eba44d72afa39a75256f4c1f7d01e552 Mon Sep 17 00:00:00 2001 From: Matous Jobanek Date: Mon, 5 Aug 2024 14:14:03 +0200 Subject: [PATCH] move appstudio tiers to toolchain-e2e repo (#1066) Co-authored-by: Alexey Kazakov --- .../appstudio-env/cluster.yaml | 128 -------- .../nstemplatetiers/appstudio-env/ns_env.yaml | 231 -------------- .../appstudio-env/spacerole_admin.yaml | 6 - .../appstudio-env/spacerole_contributor.yaml | 6 - .../appstudio-env/spacerole_maintainer.yaml | 6 - .../appstudio-env/spacerole_viewer.yaml | 6 - .../nstemplatetiers/appstudio-env/tier.yaml | 34 -- .../nstemplatetiers/appstudio/cluster.yaml | 143 --------- .../nstemplatetiers/appstudio/ns_tenant.yaml | 291 ------------------ .../appstudio/spacerole_admin.yaml | 276 ----------------- .../appstudio/spacerole_contributor.yaml | 192 ------------ .../appstudio/spacerole_maintainer.yaml | 219 ------------- .../appstudio/spacerole_viewer.yaml | 191 ------------ .../nstemplatetiers/appstudio/tier.yaml | 32 -- .../appstudiolarge/based_on_tier.yaml | 26 -- .../nstemplatetier_generator_test.go | 16 +- 16 files changed, 2 insertions(+), 1801 deletions(-) delete mode 100644 deploy/templates/nstemplatetiers/appstudio-env/cluster.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio-env/ns_env.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio-env/spacerole_admin.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio-env/spacerole_contributor.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio-env/spacerole_maintainer.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio-env/spacerole_viewer.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio-env/tier.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio/cluster.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio/ns_tenant.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio/spacerole_admin.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio/spacerole_contributor.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio/spacerole_maintainer.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio/spacerole_viewer.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudio/tier.yaml delete mode 100644 deploy/templates/nstemplatetiers/appstudiolarge/based_on_tier.yaml diff --git a/deploy/templates/nstemplatetiers/appstudio-env/cluster.yaml b/deploy/templates/nstemplatetiers/appstudio-env/cluster.yaml deleted file mode 100644 index 460e9a1f5..000000000 --- a/deploy/templates/nstemplatetiers/appstudio-env/cluster.yaml +++ /dev/null @@ -1,128 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-env-cluster-resources -objects: -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-deployments - spec: - quota: - hard: - count/deployments.apps: "30" - count/deploymentconfigs.apps: "30" - count/pods: "150" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-replicas - spec: - quota: - hard: - count/replicasets.apps: "30" - count/replicationcontrollers: "30" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-routes - spec: - quota: - hard: - count/ingresses.extensions: "30" - count/routes.route.openshift.io: "30" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-jobs - spec: - quota: - hard: - count/jobs.batch: "30" - count/daemonsets.apps: "30" - count/cronjobs.batch: "30" - count/statefulsets.apps: "30" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-services - spec: - quota: - hard: - count/services: "30" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-bc - spec: - quota: - hard: - count/buildconfigs.build.openshift.io: "30" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-secrets - spec: - quota: - hard: - count/secrets: "100" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-cm - spec: - quota: - hard: - count/configmaps: "100" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: toolchain.dev.openshift.com/v1alpha1 - kind: Idler - metadata: - name: ${SPACE_NAME}-env - spec: - timeoutSeconds: ${{IDLER_TIMEOUT_SECONDS}} -parameters: -- name: SPACE_NAME - required: true -- name: IDLER_TIMEOUT_SECONDS - # No Idling - value: "0" diff --git a/deploy/templates/nstemplatetiers/appstudio-env/ns_env.yaml b/deploy/templates/nstemplatetiers/appstudio-env/ns_env.yaml deleted file mode 100644 index f801a2663..000000000 --- a/deploy/templates/nstemplatetiers/appstudio-env/ns_env.yaml +++ /dev/null @@ -1,231 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-env -objects: -- apiVersion: v1 - kind: Namespace - metadata: - annotations: - openshift.io/description: ${SPACE_NAME} - openshift.io/display-name: ${SPACE_NAME} - openshift.io/requester: ${SPACE_NAME} - labels: - name: ${SPACE_NAME}-env - argocd.argoproj.io/managed-by: gitops-service-argocd - # billing labels ref: https://github.com/redhat-appstudio/book/blob/main/ADR/0010-namespace-metadata.md - appstudio.redhat.com/workspace_name: ${SPACE_NAME} - # The ${SPACE_NAME} here is actually the space (aka workspace) name that is going to be provisioned as environment sub-space (aka sub-workspace). - # It's a legacy parameter that needs to be renamed - # related story https://issues.redhat.com/browse/CRT-1766 - name: ${SPACE_NAME}-env - -# ServiceAccount to be used by the deployer (eg. ArgoCD) to manage the content of the namespace -- apiVersion: v1 - kind: ServiceAccount - metadata: - namespace: ${SPACE_NAME}-env - name: namespace-manager - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: additional-argocd-read - namespace: ${SPACE_NAME}-env - rules: - - apiGroups: - - authorization.openshift.io - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - view - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - view - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - view - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: additional-argocd-read - namespace: ${SPACE_NAME}-env - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: additional-argocd-read - subjects: - - kind: ServiceAccount - name: namespace-manager - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: namespace-manager - namespace: ${SPACE_NAME}-env - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: edit - subjects: - - kind: ServiceAccount - name: namespace-manager - -# Quotas and default limits for not-terminating containers (regular long-running containers) -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: compute-deploy - namespace: ${SPACE_NAME}-env - spec: - scopes: - - NotTerminating - hard: - limits.cpu: "20" - limits.memory: ${MEMORY_LIMIT} - requests.cpu: 1750m - requests.memory: ${MEMORY_REQUEST} -# and terminating (short-lived containers like build) containers -# since builds are not supposed to be created in an environment namespace, then the limits are set to zero -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: compute-build - namespace: ${SPACE_NAME}-env - spec: - scopes: - - Terminating - hard: - cpu: 0 - memory: 0 - pods: 0 -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: storage - namespace: ${SPACE_NAME}-env - spec: - hard: - limits.ephemeral-storage: 50Gi - requests.storage: 50Gi - requests.ephemeral-storage: 50Gi - count/persistentvolumeclaims: "12" -- apiVersion: v1 - kind: LimitRange - metadata: - name: resource-limits - namespace: ${SPACE_NAME}-env - spec: - limits: - - type: "Container" - default: - cpu: 2000m - memory: 2Gi - defaultRequest: - cpu: 10m - memory: 256Mi - -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-same-namespace - namespace: ${SPACE_NAME}-env - spec: - podSelector: {} - ingress: - - from: - - podSelector: {} -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-openshift-ingress - namespace: ${SPACE_NAME}-env - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: ingress - podSelector: {} - policyTypes: - - Ingress -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-openshift-monitoring - namespace: ${SPACE_NAME}-env - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: monitoring - podSelector: {} - policyTypes: - - Ingress -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-codeready-workspaces-operator - namespace: ${SPACE_NAME}-env - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: codeready-workspaces - podSelector: {} - policyTypes: - - Ingress -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-olm-namespaces - namespace: ${SPACE_NAME}-env - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - openshift.io/scc: anyuid - podSelector: {} - policyTypes: - - Ingress -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-console-namespaces - namespace: ${SPACE_NAME}-env - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: console - podSelector: {} - policyTypes: - - Ingress -parameters: -- name: SPACE_NAME - required: true -- name: MEMORY_LIMIT - value: "32Gi" -- name: MEMORY_REQUEST - value: "32Gi" -- name: MEMORY_BUILD_LIMIT - value: "64Gi" -- name: MEMORY_BUILD_REQUEST - value: "32Gi" diff --git a/deploy/templates/nstemplatetiers/appstudio-env/spacerole_admin.yaml b/deploy/templates/nstemplatetiers/appstudio-env/spacerole_admin.yaml deleted file mode 100644 index f1c423177..000000000 --- a/deploy/templates/nstemplatetiers/appstudio-env/spacerole_admin.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-env-spacerole-admin -objects: [] -# The user doesn't have any permissions in the namespace diff --git a/deploy/templates/nstemplatetiers/appstudio-env/spacerole_contributor.yaml b/deploy/templates/nstemplatetiers/appstudio-env/spacerole_contributor.yaml deleted file mode 100644 index b392cfea1..000000000 --- a/deploy/templates/nstemplatetiers/appstudio-env/spacerole_contributor.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-env-spacerole-contributor -objects: [] -# The user doesn't have any permissions in the namespace diff --git a/deploy/templates/nstemplatetiers/appstudio-env/spacerole_maintainer.yaml b/deploy/templates/nstemplatetiers/appstudio-env/spacerole_maintainer.yaml deleted file mode 100644 index d9db72667..000000000 --- a/deploy/templates/nstemplatetiers/appstudio-env/spacerole_maintainer.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-env-spacerole-maintainer -objects: [] -# The user doesn't have any permissions in the namespace diff --git a/deploy/templates/nstemplatetiers/appstudio-env/spacerole_viewer.yaml b/deploy/templates/nstemplatetiers/appstudio-env/spacerole_viewer.yaml deleted file mode 100644 index b3ab21821..000000000 --- a/deploy/templates/nstemplatetiers/appstudio-env/spacerole_viewer.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-env-spacerole-viewer -objects: [] -# The user doesn't have any permissions in the namespace diff --git a/deploy/templates/nstemplatetiers/appstudio-env/tier.yaml b/deploy/templates/nstemplatetiers/appstudio-env/tier.yaml deleted file mode 100644 index 20a5f968b..000000000 --- a/deploy/templates/nstemplatetiers/appstudio-env/tier.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-env-tier -objects: -- kind: NSTemplateTier - apiVersion: toolchain.dev.openshift.com/v1alpha1 - metadata: - name: appstudio-env - namespace: ${NAMESPACE} - spec: - clusterResources: - templateRef: ${CLUSTER_TEMPL_REF} - namespaces: - - templateRef: ${ENV_TEMPL_REF} - spaceRoles: - admin: - templateRef: ${ADMIN_TEMPL_REF} - maintainer: - templateRef: ${MAINTAINER_TEMPL_REF} - contributor: - templateRef: ${CONTRIBUTOR_TEMPL_REF} - viewer: - templateRef: ${VIEWER_TEMPL_REF} - spaceRequestConfig: - serviceAccountName: namespace-manager -parameters: -- name: NAMESPACE -- name: CLUSTER_TEMPL_REF -- name: ENV_TEMPL_REF -- name: ADMIN_TEMPL_REF -- name: MAINTAINER_TEMPL_REF -- name: CONTRIBUTOR_TEMPL_REF -- name: VIEWER_TEMPL_REF diff --git a/deploy/templates/nstemplatetiers/appstudio/cluster.yaml b/deploy/templates/nstemplatetiers/appstudio/cluster.yaml deleted file mode 100644 index c387158c3..000000000 --- a/deploy/templates/nstemplatetiers/appstudio/cluster.yaml +++ /dev/null @@ -1,143 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-cluster-resources -objects: -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-deployments - spec: - quota: - hard: - count/deployments.apps: ${{DEPLOYMENT_QUOTA}} - count/deploymentconfigs.apps: ${{DEPLOYMENT_QUOTA}} - count/pods: ${{POD_QUOTA}} - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-replicas - spec: - quota: - hard: - count/replicasets.apps: ${{REPLICASET_QUOTA}} - count/replicationcontrollers: ${{REPLICASET_QUOTA}} - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-routes - spec: - quota: - hard: - count/ingresses.extensions: ${{ROUTE_QUOTA}} - count/routes.route.openshift.io: ${{ROUTE_QUOTA}} - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-jobs - spec: - quota: - hard: - count/jobs.batch: "30" - count/daemonsets.apps: "30" - count/cronjobs.batch: "30" - count/statefulsets.apps: "30" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-services - spec: - quota: - hard: - count/services: ${{SERVICE_QUOTA}} - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-bc - spec: - quota: - hard: - count/buildconfigs.build.openshift.io: "30" - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-secrets - spec: - quota: - hard: - count/secrets: ${{SECRET_QUOTA}} - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - metadata: - name: for-${SPACE_NAME}-cm - spec: - quota: - hard: - count/configmaps: ${{CONFIGMAP_QUOTA}} - selector: - annotations: null - labels: - matchLabels: - toolchain.dev.openshift.com/space: ${SPACE_NAME} -- apiVersion: toolchain.dev.openshift.com/v1alpha1 - kind: Idler - metadata: - name: ${SPACE_NAME} - spec: - timeoutSeconds: ${{IDLER_TIMEOUT_SECONDS}} -parameters: -- name: SPACE_NAME - required: true -- name: IDLER_TIMEOUT_SECONDS - # No Idling - value: "0" -# Quota -- name: REPLICASET_QUOTA - value: "30" -- name: DEPLOYMENT_QUOTA - value: "30" -- name: POD_QUOTA - value: "600" -- name: ROUTE_QUOTA - value: "30" -- name: SERVICE_QUOTA - value: "30" -- name: CONFIGMAP_QUOTA - value: "100" -- name: SECRET_QUOTA - value: "300" diff --git a/deploy/templates/nstemplatetiers/appstudio/ns_tenant.yaml b/deploy/templates/nstemplatetiers/appstudio/ns_tenant.yaml deleted file mode 100644 index 8de7cf5b5..000000000 --- a/deploy/templates/nstemplatetiers/appstudio/ns_tenant.yaml +++ /dev/null @@ -1,291 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-tenant -objects: -- apiVersion: v1 - kind: Namespace - metadata: - annotations: - openshift.io/description: ${SPACE_NAME} - openshift.io/display-name: ${SPACE_NAME} - openshift.io/requester: ${SPACE_NAME} - labels: - name: ${SPACE_NAME}-tenant - argocd.argoproj.io/managed-by: gitops-service-argocd - # billing labels ref: https://github.com/redhat-appstudio/book/blob/main/ADR/0010-namespace-metadata.md - appstudio.redhat.com/workspace_name: ${SPACE_NAME} - name: ${SPACE_NAME}-tenant - -# Built-n developer environment is available for all users OOTB -- apiVersion: appstudio.redhat.com/v1alpha1 - kind: Environment - metadata: - name: development - namespace: ${SPACE_NAME}-tenant - spec: - deploymentStrategy: AppStudioAutomated - displayName: Development - type: Non-POC - -# Quotas and default limits for not-terminating containers (regular long-running containers) -# and terminating (short-lived containers like build) containers -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: compute-deploy - namespace: ${SPACE_NAME}-tenant - spec: - scopes: - - NotTerminating - hard: - limits.cpu: "20" - limits.memory: ${MEMORY_LIMIT} - requests.cpu: 1750m - requests.memory: ${MEMORY_REQUEST} -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: compute-build - namespace: ${SPACE_NAME}-tenant - spec: - scopes: - - Terminating - hard: - limits.cpu: ${CPU_BUILD_LIMIT} - limits.memory: ${MEMORY_BUILD_LIMIT} - requests.cpu: ${CPU_BUILD_REQUEST} - requests.memory: ${MEMORY_BUILD_REQUEST} -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: storage - namespace: ${SPACE_NAME}-tenant - spec: - hard: - limits.ephemeral-storage: 50Gi - requests.storage: ${REQUEST_STORAGE} - requests.ephemeral-storage: 50Gi - count/persistentvolumeclaims: "${COUNT_PVC}" -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: toolchain-crds - namespace: ${SPACE_NAME}-tenant - spec: - hard: - count/spacerequests.toolchain.dev.openshift.com: "32" -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: appstudio-crds - namespace: ${SPACE_NAME}-tenant - spec: - hard: - count/applications.appstudio.redhat.com: "512" - count/componentdetectionqueries.appstudio.redhat.com: "512" - count/components.appstudio.redhat.com: "512" -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: appstudio-crds-build - namespace: ${SPACE_NAME}-tenant - spec: - hard: - count/buildpipelineselectors.appstudio.redhat.com: "512" -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: appstudio-crds-gitops - namespace: ${SPACE_NAME}-tenant - spec: - hard: - count/environments.appstudio.redhat.com: "512" - count/promotionruns.appstudio.redhat.com: "512" - count/deploymenttargetclaims.appstudio.redhat.com: "32" - count/deploymenttargetclasses.appstudio.redhat.com: "32" - count/deploymenttargets.appstudio.redhat.com: "32" -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: appstudio-crds-integration - namespace: ${SPACE_NAME}-tenant - spec: - hard: - count/integrationtestscenarios.appstudio.redhat.com: "512" - count/snapshots.appstudio.redhat.com: "1024" - count/snapshotenvironmentbindings.appstudio.redhat.com: "512" -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: appstudio-crds-release - namespace: ${SPACE_NAME}-tenant - spec: - hard: - count/releaseplanadmissions.appstudio.redhat.com: "512" - count/releaseplans.appstudio.redhat.com: "512" - count/releases.appstudio.redhat.com: "512" - count/releasestrategies.appstudio.redhat.com: "512" - count/internalrequests.appstudio.redhat.com: "512" -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: appstudio-crds-enterprisecontract - namespace: ${SPACE_NAME}-tenant - spec: - hard: - count/enterprisecontractpolicies.appstudio.redhat.com: "512" -- apiVersion: v1 - kind: ResourceQuota - metadata: - name: appstudio-crds-spi - namespace: ${SPACE_NAME}-tenant - spec: - hard: - count/spiaccesschecks.appstudio.redhat.com: "512" - count/spiaccesstokenbindings.appstudio.redhat.com: "512" - count/spiaccesstokendataupdates.appstudio.redhat.com: "512" - count/spiaccesstokens.appstudio.redhat.com: "512" - count/spifilecontentrequests.appstudio.redhat.com: "512" -- apiVersion: v1 - kind: LimitRange - metadata: - name: resource-limits - namespace: ${SPACE_NAME}-tenant - spec: - limits: - - type: "Container" - default: - cpu: 2000m - memory: 2Gi - defaultRequest: - cpu: 10m - memory: 256Mi - -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-same-namespace - namespace: ${SPACE_NAME}-tenant - spec: - podSelector: {} - ingress: - - from: - - podSelector: {} -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-openshift-ingress - namespace: ${SPACE_NAME}-tenant - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: ingress - podSelector: {} - policyTypes: - - Ingress -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-openshift-monitoring - namespace: ${SPACE_NAME}-tenant - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: monitoring - podSelector: {} - policyTypes: - - Ingress -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-codeready-workspaces-operator - namespace: ${SPACE_NAME}-tenant - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: codeready-workspaces - podSelector: {} - policyTypes: - - Ingress -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-olm-namespaces - namespace: ${SPACE_NAME}-tenant - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - openshift.io/scc: anyuid - podSelector: {} - policyTypes: - - Ingress -- apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: allow-from-console-namespaces - namespace: ${SPACE_NAME}-tenant - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: console - podSelector: {} - policyTypes: - - Ingress -# ServiceAccount and RoleBindings for running Pipelines. -# appstudio-pipelines-runner-clusterrole is deployed by the pipeline-service component. -- apiVersion: v1 - kind: ServiceAccount - metadata: - name: appstudio-pipeline - namespace: ${SPACE_NAME}-tenant -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: appstudio-pipelines-runner-rolebinding - namespace: ${SPACE_NAME}-tenant - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: appstudio-pipelines-runner - subjects: - - kind: ServiceAccount - namespace: ${SPACE_NAME}-tenant - name: appstudio-pipeline -- apiVersion: v1 - data: {} - kind: ConfigMap - metadata: - labels: - config.openshift.io/inject-trusted-cabundle: "true" - name: trusted-ca - namespace: ${SPACE_NAME}-tenant -parameters: -- name: SPACE_NAME - required: true -- name: MEMORY_LIMIT - value: "32Gi" -- name: MEMORY_REQUEST - value: "32Gi" -- name: CPU_BUILD_LIMIT - value: "120" -- name: CPU_BUILD_REQUEST - value: "60" -- name: MEMORY_BUILD_LIMIT - value: "128Gi" -- name: MEMORY_BUILD_REQUEST - value: "64Gi" -- name: COUNT_PVC - value: "90" -- name: REQUEST_STORAGE - value: "200Gi" diff --git a/deploy/templates/nstemplatetiers/appstudio/spacerole_admin.yaml b/deploy/templates/nstemplatetiers/appstudio/spacerole_admin.yaml deleted file mode 100644 index 3f588984f..000000000 --- a/deploy/templates/nstemplatetiers/appstudio/spacerole_admin.yaml +++ /dev/null @@ -1,276 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-spacerole-admin # name is used in e2e tests -objects: - -# Role(s) and RoleBinding(s) that grant limited CRUD permissions on AppStudio components CRDs & secrets to the user's SA -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - namespace: ${NAMESPACE} - name: appstudio-admin-user-actions - rules: - - apiGroups: - - appstudio.redhat.com - resources: - - applications - - components - - imagerepositories - - componentdetectionqueries - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - apiGroups: - - appstudio.redhat.com - resources: - - promotionruns - - snapshotenvironmentbindings - - snapshots - - environments - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - appstudio.redhat.com - resources: - - deploymenttargets - - deploymenttargetclaims - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - managed-gitops.redhat.com - resources: - - gitopsdeployments - - gitopsdeploymentmanagedenvironments - - gitopsdeploymentrepositorycredentials - - gitopsdeploymentsyncruns - verbs: - - get - - list - - watch - - apiGroups: - - tekton.dev - resources: - - pipelineruns - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - results.tekton.dev - resources: - - results - - records - - logs - verbs: - - get - - list - - apiGroups: - - appstudio.redhat.com - resources: - - enterprisecontractpolicies - - integrationtestscenarios - - releases - - releasestrategies - - releaseplans - - releaseplanadmissions - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - jvmbuildservice.io - resources: - - jbsconfigs - - artifactbuilds - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - appstudio.redhat.com - resources: - - spiaccesstokenbindings - - spiaccesschecks - - spiaccesstokens - - spifilecontentrequests - - spiaccesstokendataupdates - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - appstudio.redhat.com - resources: - - remotesecrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - appstudio.redhat.com - resources: - - buildpipelineselectors - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - # Allow to manage pipeline ServiceAccount for linking secrets used for repositories - - apiGroups: - - "" - resources: - - serviceaccounts - resourceNames: - - appstudio-pipeline - verbs: - - get - - list - - watch - - update - - patch - # Allow to exec (rsh) to pods - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - apiGroups: - - toolchain.dev.openshift.com - resources: - - spacebindingrequests - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - # Allow using the project-controller - - apiGroups: - - projctl.konflux.dev - resources: - - projects - - projectdevelopmentstreams - - projectdevelopmentstreamtemplates - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - # Allow CRUD permissions on SecretStore and ExternalSecret CRs to the user's SA - - apiGroups: - - external-secrets.io - resources: - - secretstores - - externalsecrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -# RoleBinding that grants limited CRUD permissions to the User -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - namespace: ${NAMESPACE} - name: appstudio-admin-${USERNAME}-actions-user - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appstudio-admin-user-actions - subjects: - - kind: User - name: ${USERNAME} -# RoleBinding that grants view permissions to the User -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - namespace: ${NAMESPACE} - name: appstudio-${USERNAME}-view-user - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: view - subjects: - - kind: User - name: ${USERNAME} - -parameters: -- name: NAMESPACE - required: true -- name: USERNAME - required: true \ No newline at end of file diff --git a/deploy/templates/nstemplatetiers/appstudio/spacerole_contributor.yaml b/deploy/templates/nstemplatetiers/appstudio/spacerole_contributor.yaml deleted file mode 100644 index 1486dbaa1..000000000 --- a/deploy/templates/nstemplatetiers/appstudio/spacerole_contributor.yaml +++ /dev/null @@ -1,192 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-spacerole-contributor # name is used in e2e tests -objects: - -# RoleBinding that grants limited CRUD permissions on AppStudio components CRDs & secrets to the user's SA -# Role(s) and RoleBinding(s) that grant limited CRUD permissions on AppStudio components CRDs & secrets to the user's SA -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - namespace: ${NAMESPACE} - name: appstudio-contributor-user-actions - rules: - - apiGroups: - - appstudio.redhat.com - resources: - - applications - - components - - imagerepositories - - componentdetectionqueries - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - promotionruns - - snapshotenvironmentbindings - - snapshots - - environments - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - deploymenttargets - - deploymenttargetclaims - verbs: - - get - - list - - watch - - apiGroups: - - managed-gitops.redhat.com - resources: - - gitopsdeployments - - gitopsdeploymentmanagedenvironments - - gitopsdeploymentrepositorycredentials - - gitopsdeploymentsyncruns - verbs: - - get - - list - - watch - - apiGroups: - - tekton.dev - resources: - - pipelineruns - verbs: - - get - - list - - watch - - apiGroups: - - results.tekton.dev - resources: - - results - - records - - logs - verbs: - - get - - list - - apiGroups: - - appstudio.redhat.com - resources: - - integrationtestscenarios - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - enterprisecontractpolicies - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - releases - - releasestrategies - - releaseplans - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - releaseplanadmissions - verbs: - - get - - list - - watch - - apiGroups: - - jvmbuildservice.io - resources: - - jbsconfigs - - artifactbuilds - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - spiaccesstokenbindings - - spiaccesschecks - - spiaccesstokens - - spifilecontentrequests - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - remotesecrets - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - buildpipelineselectors - verbs: - - get - - list - - watch - - apiGroups: - - projctl.konflux.dev - resources: - - projects - - projectdevelopmentstreams - - projectdevelopmentstreamtemplates - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - namespace: ${NAMESPACE} - name: appstudio-contributor-${USERNAME}-actions-user - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appstudio-contributor-user-actions - subjects: - - kind: User - name: ${USERNAME} -# Role & RoleBinding that grants view permissions to the user's SA -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - namespace: ${NAMESPACE} - name: appstudio-${USERNAME}-view-user - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: view - subjects: - - kind: User - name: ${USERNAME} - -parameters: -- name: NAMESPACE - required: true -- name: USERNAME - required: true diff --git a/deploy/templates/nstemplatetiers/appstudio/spacerole_maintainer.yaml b/deploy/templates/nstemplatetiers/appstudio/spacerole_maintainer.yaml deleted file mode 100644 index a3d9124b5..000000000 --- a/deploy/templates/nstemplatetiers/appstudio/spacerole_maintainer.yaml +++ /dev/null @@ -1,219 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-spacerole-maintainer # name is used in e2e tests -objects: - -# RoleBinding that grants limited CRUD permissions on AppStudio components CRDs & secrets to the user's SA -# Role(s) and RoleBinding(s) that grant limited CRUD permissions on AppStudio components CRDs & secrets to the user's SA -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - namespace: ${NAMESPACE} - name: appstudio-maintainer-user-actions - rules: - - apiGroups: - - appstudio.redhat.com - resources: - - applications - - components - - imagerepositories - - componentdetectionqueries - verbs: - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - appstudio.redhat.com - resources: - - promotionruns - - snapshotenvironmentbindings - - snapshots - - environments - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - deploymenttargets - - deploymenttargetclaims - verbs: - - get - - list - - watch - - apiGroups: - - managed-gitops.redhat.com - resources: - - gitopsdeployments - - gitopsdeploymentmanagedenvironments - - gitopsdeploymentrepositorycredentials - - gitopsdeploymentsyncruns - verbs: - - get - - list - - watch - - apiGroups: - - tekton.dev - resources: - - pipelineruns - verbs: - - get - - list - - watch - - apiGroups: - - results.tekton.dev - resources: - - results - - records - - logs - verbs: - - get - - list - - apiGroups: - - appstudio.redhat.com - resources: - - integrationtestscenarios - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - appstudio.redhat.com - resources: - - enterprisecontractpolicies - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - releases - - releasestrategies - - releaseplans - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - appstudio.redhat.com - resources: - - releaseplanadmissions - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - jvmbuildservice.io - resources: - - jbsconfigs - - artifactbuilds - verbs: - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - appstudio.redhat.com - resources: - - spiaccesstokenbindings - - spiaccesschecks - - spiaccesstokens - - spifilecontentrequests - - spiaccesstokendataupdates - verbs: - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - appstudio.redhat.com - resources: - - remotesecrets - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - buildpipelineselectors - verbs: - - get - - list - - watch - # Allow using the project-controller - - apiGroups: - - projctl.konflux.dev - resources: - - projects - - projectdevelopmentstreams - - projectdevelopmentstreamtemplates - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - namespace: ${NAMESPACE} - name: appstudio-maintainer-${USERNAME}-actions-user - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appstudio-maintainer-user-actions - subjects: - - kind: User - name: ${USERNAME} -# Role & RoleBinding that grants view permissions to the user's SA -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - namespace: ${NAMESPACE} - name: appstudio-${USERNAME}-view-user - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: view - subjects: - - kind: User - name: ${USERNAME} - -parameters: -- name: NAMESPACE - required: true -- name: USERNAME - required: true diff --git a/deploy/templates/nstemplatetiers/appstudio/spacerole_viewer.yaml b/deploy/templates/nstemplatetiers/appstudio/spacerole_viewer.yaml deleted file mode 100644 index e743a5cd9..000000000 --- a/deploy/templates/nstemplatetiers/appstudio/spacerole_viewer.yaml +++ /dev/null @@ -1,191 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-spacerole-viewer # name is used in e2e tests -objects: - -# RoleBinding that grants limited CRUD permissions on AppStudio components CRDs & secrets to the user's SA -# Role(s) and RoleBinding(s) that grant limited CRUD permissions on AppStudio components CRDs & secrets to the user's SA -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - namespace: ${NAMESPACE} - name: appstudio-viewer-user-actions - rules: - - apiGroups: - - appstudio.redhat.com - resources: - - applications - - components - - componentdetectionqueries - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - promotionruns - - snapshotenvironmentbindings - - snapshots - - environments - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - deploymenttargets - - deploymenttargetclaims - verbs: - - get - - list - - watch - - apiGroups: - - managed-gitops.redhat.com - resources: - - gitopsdeployments - - gitopsdeploymentmanagedenvironments - - gitopsdeploymentrepositorycredentials - - gitopsdeploymentsyncruns - verbs: - - get - - list - - watch - - apiGroups: - - tekton.dev - resources: - - pipelineruns - verbs: - - get - - list - - watch - - apiGroups: - - results.tekton.dev - resources: - - results - - records - - logs - verbs: - - get - - list - - apiGroups: - - appstudio.redhat.com - resources: - - integrationtestscenarios - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - enterprisecontractpolicies - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - releases - - releasestrategies - - releaseplans - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - releaseplanadmissions - verbs: - - get - - list - - watch - - apiGroups: - - jvmbuildservice.io - resources: - - jbsconfigs - - artifactbuilds - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - spiaccesstokenbindings - - spiaccesschecks - - spiaccesstokens - - spifilecontentrequests - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - remotesecrets - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - appstudio.redhat.com - resources: - - buildpipelineselectors - verbs: - - get - - list - - watch - - apiGroups: - - projctl.konflux.dev - resources: - - projects - - projectdevelopmentstreams - - projectdevelopmentstreamtemplates - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - namespace: ${NAMESPACE} - name: appstudio-viewer-${USERNAME}-actions-user - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appstudio-viewer-user-actions - subjects: - - kind: User - name: ${USERNAME} -# Role & RoleBinding that grants view permissions to the user's SA -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - namespace: ${NAMESPACE} - name: appstudio-${USERNAME}-view-user - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: view - subjects: - - kind: User - name: ${USERNAME} - -parameters: -- name: NAMESPACE - required: true -- name: USERNAME - required: true diff --git a/deploy/templates/nstemplatetiers/appstudio/tier.yaml b/deploy/templates/nstemplatetiers/appstudio/tier.yaml deleted file mode 100644 index 4c5a9cc83..000000000 --- a/deploy/templates/nstemplatetiers/appstudio/tier.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: appstudio-tier -objects: -- kind: NSTemplateTier - apiVersion: toolchain.dev.openshift.com/v1alpha1 - metadata: - name: appstudio - namespace: ${NAMESPACE} - spec: - clusterResources: - templateRef: ${CLUSTER_TEMPL_REF} - namespaces: - - templateRef: ${TENANT_TEMPL_REF} - spaceRoles: - admin: - templateRef: ${ADMIN_TEMPL_REF} - maintainer: - templateRef: ${MAINTAINER_TEMPL_REF} - contributor: - templateRef: ${CONTRIBUTOR_TEMPL_REF} - viewer: - templateRef: ${VIEWER_TEMPL_REF} -parameters: -- name: NAMESPACE -- name: CLUSTER_TEMPL_REF -- name: TENANT_TEMPL_REF -- name: ADMIN_TEMPL_REF -- name: MAINTAINER_TEMPL_REF -- name: CONTRIBUTOR_TEMPL_REF -- name: VIEWER_TEMPL_REF diff --git a/deploy/templates/nstemplatetiers/appstudiolarge/based_on_tier.yaml b/deploy/templates/nstemplatetiers/appstudiolarge/based_on_tier.yaml deleted file mode 100644 index fe55f3fd6..000000000 --- a/deploy/templates/nstemplatetiers/appstudiolarge/based_on_tier.yaml +++ /dev/null @@ -1,26 +0,0 @@ -from: appstudio -parameters: -- name: REPLICASET_QUOTA - value: "100" -- name: DEPLOYMENT_QUOTA - value: "100" -- name: ROUTE_QUOTA - value: "100" -- name: SERVICE_QUOTA - value: "100" -- name: CONFIGMAP_QUOTA - value: "300" -- name: SECRET_QUOTA - value: "900" -- name: CPU_BUILD_LIMIT - value: "480" -- name: CPU_BUILD_REQUEST - value: "240" -- name: MEMORY_BUILD_LIMIT - value: "512Gi" -- name: MEMORY_BUILD_REQUEST - value: "256Gi" -- name: COUNT_PVC - value: "180" -- name: REQUEST_STORAGE - value: "400Gi" diff --git a/pkg/templates/nstemplatetiers/nstemplatetier_generator_test.go b/pkg/templates/nstemplatetiers/nstemplatetier_generator_test.go index 1b7278806..e201fc277 100644 --- a/pkg/templates/nstemplatetiers/nstemplatetier_generator_test.go +++ b/pkg/templates/nstemplatetiers/nstemplatetier_generator_test.go @@ -33,17 +33,10 @@ var expectedProdTiers = []string{ "baselarge", "baseextendedidling", "test", - "appstudio", - "appstudiolarge", - "appstudio-env", } func nsTypes(tier string) []string { switch tier { - case "appstudio", "appstudiolarge": - return []string{"tenant"} - case "appstudio-env": - return []string{"env"} case "base1ns", "base1nsnoidling", "base1ns6didler", "test": return []string{"dev"} default: @@ -51,13 +44,8 @@ func nsTypes(tier string) []string { } } -func roles(tier string) []string { - switch tier { - case "appstudio", "appstudio-env", "appstudiolarge": - return []string{"admin", "maintainer", "contributor", "viewer"} - default: - return []string{"admin"} - } +func roles(_ string) []string { + return []string{"admin"} } func TestCreateOrUpdateResourcesWitProdAssets(t *testing.T) {