diff --git a/katib/components/katib-controller/kustomization.yaml b/katib/components/katib-controller/kustomization.yaml index d5944ad1e0..81776ca7d5 100644 --- a/katib/components/katib-controller/kustomization.yaml +++ b/katib/components/katib-controller/kustomization.yaml @@ -15,10 +15,10 @@ resources: - ../../katib-controller/overlays/istio/katib-ui-virtual-service.yaml images: - name: docker.io/kubeflowkatib/katib-controller - newTag: v1beta1-6dc1af8 + newTag: v1beta1-a96ff59 newName: docker.io/kubeflowkatib/katib-controller - name: docker.io/kubeflowkatib/katib-ui - newTag: v1beta1-6dc1af8 + newTag: v1beta1-a96ff59 newName: docker.io/kubeflowkatib/katib-ui commonLabels: app.kubernetes.io/component: katib diff --git a/katib/components/katib-db-manager/kustomization.yaml b/katib/components/katib-db-manager/kustomization.yaml index fe09e7b764..401120f1ea 100644 --- a/katib/components/katib-db-manager/kustomization.yaml +++ b/katib/components/katib-db-manager/kustomization.yaml @@ -6,7 +6,7 @@ resources: - ../../katib-controller/base/katib-db-manager-service.yaml images: - name: docker.io/kubeflowkatib/katib-db-manager - newTag: v1beta1-6dc1af8 + newTag: v1beta1-a96ff59 newName: docker.io/kubeflowkatib/katib-db-manager commonLabels: app.kubernetes.io/component: katib diff --git a/katib/katib-controller/base/katib-configmap.yaml b/katib/katib-controller/base/katib-configmap.yaml index d2d619bd83..1eb32495ef 100644 --- a/katib/katib-controller/base/katib-configmap.yaml +++ b/katib/katib-controller/base/katib-configmap.yaml @@ -6,13 +6,13 @@ data: metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -23,22 +23,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -47,16 +47,16 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } diff --git a/katib/katib-controller/base/katib-controller-rbac.yaml b/katib/katib-controller/base/katib-controller-rbac.yaml index 57f25b1bfc..49f8706703 100644 --- a/katib/katib-controller/base/katib-controller-rbac.yaml +++ b/katib/katib-controller/base/katib-controller-rbac.yaml @@ -77,6 +77,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - "*" - apiGroups: diff --git a/katib/katib-controller/base/kustomization.yaml b/katib/katib-controller/base/kustomization.yaml index bc5a99ba73..5b12df2fc0 100644 --- a/katib/katib-controller/base/kustomization.yaml +++ b/katib/katib-controller/base/kustomization.yaml @@ -23,13 +23,13 @@ generatorOptions: disableNameSuffixHash: true images: - name: docker.io/kubeflowkatib/katib-controller - newTag: v1beta1-6dc1af8 + newTag: v1beta1-a96ff59 newName: docker.io/kubeflowkatib/katib-controller - name: docker.io/kubeflowkatib/katib-db-manager - newTag: v1beta1-6dc1af8 + newTag: v1beta1-a96ff59 newName: docker.io/kubeflowkatib/katib-db-manager - name: docker.io/kubeflowkatib/katib-ui - newTag: v1beta1-6dc1af8 + newTag: v1beta1-a96ff59 newName: docker.io/kubeflowkatib/katib-ui - name: mysql newTag: "8" diff --git a/katib/katib-controller/base/trial-template-configmap.yaml b/katib/katib-controller/base/trial-template-configmap.yaml index 75f760458c..64a1ea0036 100644 --- a/katib/katib-controller/base/trial-template-configmap.yaml +++ b/katib/katib-controller/base/trial-template-configmap.yaml @@ -13,7 +13,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -31,7 +31,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index fff284564b..56311273eb 100644 --- a/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -58,7 +58,7 @@ spec: secretKeyRef: key: KATIB_MYSQL_DB_PORT name: katib-mysql-secrets-kmcg6hfkfg - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/katib/installs/katib-external-db/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/katib/installs/katib-external-db/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/katib/installs/katib-external-db/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/katib/installs/katib-external-db/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/katib/installs/katib-external-db/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/katib/installs/katib-external-db/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/katib/installs/katib-external-db/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/katib/installs/katib-external-db/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/katib/installs/katib-external-db/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/katib/installs/katib-external-db/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/katib/installs/katib-external-db/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/katib/installs/katib-external-db/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/katib/installs/katib-external-db/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/katib/installs/katib-standalone-ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/katib/installs/katib-standalone-ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/katib/installs/katib-standalone-ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/katib/installs/katib-standalone-ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/katib/installs/katib-standalone-ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/katib/installs/katib-standalone-ibm/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/katib/installs/katib-standalone-ibm/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/katib/installs/katib-standalone-ibm/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/katib/installs/katib-standalone-ibm/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/katib/installs/katib-standalone-ibm/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/katib/installs/katib-standalone-ibm/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/katib/installs/katib-standalone-ibm/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/katib/installs/katib-standalone-ibm/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/katib/installs/katib-standalone/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/katib/installs/katib-standalone/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/katib/installs/katib-standalone/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/katib/installs/katib-standalone/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/katib/installs/katib-standalone/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/katib/installs/katib-standalone/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/katib/installs/katib-standalone/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/katib/installs/katib-standalone/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/katib/installs/katib-standalone/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/katib/installs/katib-standalone/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/katib/installs/katib-standalone/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/katib/installs/katib-standalone/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/katib/installs/katib-standalone/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/stacks/aws/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/stacks/aws/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/aws/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/stacks/aws/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/stacks/aws/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/stacks/aws/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/aws/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/stacks/aws/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/stacks/aws/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/stacks/aws/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/aws/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/stacks/aws/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/stacks/aws/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/stacks/generic/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/stacks/ibm/application/katib/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/stacks/ibm/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/ibm/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/stacks/ibm/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/stacks/ibm/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/stacks/ibm/application/katib/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/ibm/application/katib/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/stacks/ibm/application/katib/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/stacks/ibm/application/katib/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/stacks/ibm/application/katib/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/ibm/application/katib/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/stacks/ibm/application/katib/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/stacks/ibm/application/katib/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/stacks/ibm/multi-user/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/stacks/ibm/multi-user/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/ibm/multi-user/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/stacks/ibm/multi-user/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/stacks/ibm/multi-user/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/stacks/ibm/multi-user/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/ibm/multi-user/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/stacks/ibm/multi-user/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/stacks/ibm/multi-user/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/stacks/ibm/multi-user/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/ibm/multi-user/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/stacks/ibm/multi-user/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/stacks/ibm/multi-user/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-controller.yaml index 03cf83ea96..4bbc9d3fbf 100644 --- a/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -39,7 +39,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index 53e3a69ded..16949634b7 100644 --- a/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -38,7 +38,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-ui.yaml index 686beff7c6..4b9d958995 100644 --- a/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/stacks/kubernetes/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -37,7 +37,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/stacks/kubernetes/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/kubernetes/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index 63e4de61d7..0536e926a8 100644 --- a/tests/stacks/kubernetes/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/stacks/kubernetes/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -80,6 +80,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/stacks/kubernetes/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/kubernetes/test_data/expected/~g_v1_configmap_katib-config.yaml index 34b8674198..f5881bfb7c 100644 --- a/tests/stacks/kubernetes/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/stacks/kubernetes/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/stacks/kubernetes/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/kubernetes/test_data/expected/~g_v1_configmap_trial-template.yaml index 9acada1500..260ea24d70 100644 --- a/tests/stacks/kubernetes/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/stacks/kubernetes/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u diff --git a/tests/stacks/openshift/application/argo/kustomize_test.go b/tests/stacks/openshift/application/argo/kustomize_test.go new file mode 100644 index 0000000000..e8a70ccc2f --- /dev/null +++ b/tests/stacks/openshift/application/argo/kustomize_test.go @@ -0,0 +1,15 @@ +package argo + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/argo", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/argo/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml b/tests/stacks/openshift/application/argo/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml new file mode 100644 index 0000000000..08f6d1185c --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/openshift/application/argo/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml b/tests/stacks/openshift/application/argo/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml new file mode 100644 index 0000000000..4c20d279dd --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Argo Workflows is an open source container-native workflow engine + for orchestrating parallel jobs on Kubernetes + keywords: + - argo + - kubeflow + links: + - description: About + url: https://github.com/argoproj/argo + maintainers: [] + owners: [] + type: argo + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo diff --git a/tests/stacks/openshift/application/argo/test_data/expected/apps_v1_deployment_argo-ui.yaml b/tests/stacks/openshift/application/argo/test_data/expected/apps_v1_deployment_argo-ui.yaml new file mode 100644 index 0000000000..94c841f165 --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/apps_v1_deployment_argo-ui.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: IN_CLUSTER + value: "true" + - name: ENABLE_WEB_CONSOLE + value: "false" + - name: BASE_HREF + value: /argo/ + image: argoproj/argoui:v2.3.0 + imagePullPolicy: IfNotPresent + name: argo-ui + readinessProbe: + httpGet: + path: / + port: 8001 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo-ui + serviceAccountName: argo-ui + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/openshift/application/argo/test_data/expected/apps_v1_deployment_workflow-controller.yaml b/tests/stacks/openshift/application/argo/test_data/expected/apps_v1_deployment_workflow-controller.yaml new file mode 100644 index 0000000000..a7fdf681eb --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/apps_v1_deployment_workflow-controller.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: argoproj/workflow-controller:v2.3.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/openshift/application/argo/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml b/tests/stacks/openshift/application/argo/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml new file mode 100644 index 0000000000..a5ab61a1c2 --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /argo/ + rewrite: + uri: / + route: + - destination: + host: argo-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml b/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml new file mode 100644 index 0000000000..c9e39f4614 --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml b/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml new file mode 100644 index 0000000000..7651a6568e --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + verbs: + - '*' diff --git a/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml b/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml new file mode 100644 index 0000000000..f1df09722c --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-ui +subjects: +- kind: ServiceAccount + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml b/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml new file mode 100644 index 0000000000..266bc01c4e --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo +subjects: +- kind: ServiceAccount + name: argo + namespace: kubeflow diff --git a/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml new file mode 100644 index 0000000000..8e699a0a15 --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + clusterdomain: "" + namespace: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-f5fk62kk74 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml new file mode 100644 index 0000000000..9797e191de --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +data: + config: | + { + executorImage: argoproj/argoexec:v2.3.0, + containerRuntimeExecutor: k8sapi, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.kubeflow:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-configmap + namespace: kubeflow diff --git a/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml new file mode 100644 index 0000000000..f165258d39 --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +data: + artifactRepositoryAccessKeySecretKey: accesskey + artifactRepositoryAccessKeySecretName: mlpipeline-minio-artifact + artifactRepositoryBucket: mlpipeline + artifactRepositoryEndpoint: minio-service.kubeflow:9000 + artifactRepositoryInsecure: "true" + artifactRepositoryKeyPrefix: artifacts + artifactRepositorySecretKeySecretKey: secretkey + artifactRepositorySecretKeySecretName: mlpipeline-minio-artifact + clusterDomain: cluster.local + containerRuntimeExecutor: k8sapi + executorImage: argoproj/argoexec:v2.3.0 + namespace: "" +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-parameters + namespace: kubeflow diff --git a/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_service_argo-ui.yaml b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_service_argo-ui.yaml new file mode 100644 index 0000000000..0e091e0898 --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_service_argo-ui.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 8001 + selector: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + sessionAffinity: None + type: NodePort diff --git a/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml new file mode 100644 index 0000000000..c58dd0a3d4 --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_serviceaccount_argo.yaml b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_serviceaccount_argo.yaml new file mode 100644 index 0000000000..ad307ff2ca --- /dev/null +++ b/tests/stacks/openshift/application/argo/test_data/expected/~g_v1_serviceaccount_argo.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow diff --git a/tests/stacks/openshift/application/cert-manager-crds/kustomize_test.go b/tests/stacks/openshift/application/cert-manager-crds/kustomize_test.go new file mode 100644 index 0000000000..74eaa84caa --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-crds/kustomize_test.go @@ -0,0 +1,15 @@ +package cert_manager_crds + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/cert-manager-crds", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml new file mode 100644 index 0000000000..0b81ee91ef --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml @@ -0,0 +1,181 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: certificaterequests.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: cert-manager.io + names: + kind: CertificateRequest + listKind: CertificateRequestList + plural: certificaterequests + shortNames: + - cr + - crs + singular: certificaterequest + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: CertificateRequest is a type to represent a Certificate Signing + Request + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateRequestSpec defines the desired state of CertificateRequest + properties: + csr: + description: Byte slice containing the PEM encoded CertificateSigningRequest + format: byte + type: string + duration: + description: Requested certificate default Duration + type: string + isCA: + description: IsCA will mark the resulting certificate as valid for signing. + This implies that the 'cert sign' usage is set + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this CertificateRequest. If + the 'kind' field is not set, or set to 'Issuer', an Issuer resource + with the given name in the same namespace as the CertificateRequest + will be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer + with the provided name will be used. The 'name' field in this stanza + is required at all times. The group field refers to the API group + of the issuer which defaults to 'cert-manager.io' if empty. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + usages: + description: Usages is the set of x509 actions that are enabled for + a given key. Defaults are ('digital signature', 'key encipherment') + if empty + items: + description: 'KeyUsage specifies valid usage contexts for keys. See: + https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12' + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - issuerRef + type: object + status: + description: CertificateStatus defines the observed state of CertificateRequest + and resulting signed certificate. + properties: + ca: + description: Byte slice containing the PEM encoded certificate authority + of the signed certificate. + format: byte + type: string + certificate: + description: Byte slice containing a PEM encoded signed certificate + resulting from the given certificate signing request. + format: byte + type: string + conditions: + items: + description: CertificateRequestCondition contains condition information + for a CertificateRequest. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + failureTime: + description: FailureTime stores the time that this CertificateRequest + failed. This is used to influence garbage collection and back-off. + format: date-time + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml new file mode 100644 index 0000000000..6a46d9446b --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml @@ -0,0 +1,235 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: certificates.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.secretName + name: Secret + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: cert-manager.io + names: + kind: Certificate + listKind: CertificateList + plural: certificates + shortNames: + - cert + - certs + singular: certificate + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Certificate is a type to represent a Certificate from ACME + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateSpec defines the desired state of Certificate. A + valid Certificate requires at least one of a CommonName, DNSName, or URISAN + to be valid. + properties: + commonName: + description: CommonName is a common name to be used on the Certificate. + The CommonName should have a length of 64 characters or fewer to avoid + generating invalid CSRs. + type: string + dnsNames: + description: DNSNames is a list of subject alt names to be used on the + Certificate. + items: + type: string + type: array + duration: + description: Certificate default Duration + type: string + ipAddresses: + description: IPAddresses is a list of IP addresses to be used on the + Certificate + items: + type: string + type: array + isCA: + description: IsCA will mark this Certificate as valid for signing. This + implies that the 'cert sign' usage is set + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this certificate. + If the 'kind' field is not set, or set to 'Issuer', an Issuer resource + with the given name in the same namespace as the Certificate will + be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer + with the provided name will be used. The 'name' field in this stanza + is required at all times. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + keyAlgorithm: + description: KeyAlgorithm is the private key algorithm of the corresponding + private key for this certificate. If provided, allowed values are + either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize is + not provided, key size of 256 will be used for "ecdsa" key algorithm + and key size of 2048 will be used for "rsa" key algorithm. + enum: + - rsa + - ecdsa + type: string + keyEncoding: + description: KeyEncoding is the private key cryptography standards (PKCS) + for this certificate's private key to be encoded in. If provided, + allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8, + respectively. If KeyEncoding is not specified, then PKCS#1 will be + used by default. + enum: + - pkcs1 + - pkcs8 + type: string + keySize: + description: KeySize is the key bit size of the corresponding private + key for this certificate. If provided, value must be between 2048 + and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa", + and value must be one of (256, 384, 521) when KeyAlgorithm is set + to "ecdsa". + type: integer + organization: + description: Organization is the organization to be used on the Certificate + items: + type: string + type: array + renewBefore: + description: Certificate renew before expiration duration + type: string + secretName: + description: SecretName is the name of the secret resource to store + this secret in + type: string + uriSANs: + description: URISANs is a list of URI Subject Alternative Names to be + set on this Certificate. + items: + type: string + type: array + usages: + description: Usages is the set of x509 actions that are enabled for + a given key. Defaults are ('digital signature', 'key encipherment') + if empty + items: + description: 'KeyUsage specifies valid usage contexts for keys. See: + https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12' + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - issuerRef + - secretName + type: object + status: + description: CertificateStatus defines the observed state of Certificate + properties: + conditions: + items: + description: CertificateCondition contains condition information for + an Certificate. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + lastFailureTime: + format: date-time + type: string + notAfter: + description: The expiration time of the certificate stored in the secret + named by this resource in spec.secretName. + format: date-time + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml new file mode 100644 index 0000000000..32c452b7c2 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml @@ -0,0 +1,1369 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: challenges.acme.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.dnsName + name: Domain + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: acme.cert-manager.io + names: + kind: Challenge + listKind: ChallengeList + plural: challenges + singular: challenge + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Challenge is a type to represent a Challenge request with an ACME + server + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authzURL: + description: AuthzURL is the URL to the ACME Authorization resource + that this challenge is a part of. + type: string + dnsName: + description: DNSName is the identifier that this challenge is for, e.g. + example.com. + type: string + issuerRef: + description: IssuerRef references a properly configured ACME-type Issuer + which should be used to create this Challenge. If the Issuer does + not exist, processing will be retried. If the Issuer is not an 'ACME' + Issuer, an error will be returned and the Challenge will be marked + as failed. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + key: + description: Key is the ACME challenge key for this challenge + type: string + solver: + description: Solver contains the domain solving configuration that should + be used to solve this challenge resource. Only **one** of 'config' + or 'solver' may be specified, and if both are specified then no action + will be performed on the Challenge resource. + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure containing + the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure containing + the DNS configuration for Akamai DNS—Zone Record Management + API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - project + - serviceAccountSecretRef + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - apiKeySecretRef + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a structure + containing the DNS configuration for DigitalOcean Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure containing + the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting RFC2136. + Required. Note: FQDN is not a valid value, only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the DNS supporting + RFC2136. Used only when ""tsigSecretSecretRef"" and ""tsigKeyName"" + are defined. Supported values are (case-insensitive): + ""HMACMD5"" (default), ""HMACSHA1"", ""HMACSHA256"" or + ""HMACSHA512"".' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. If + ""tsigSecretSecretRef"" is defined, this field is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the TSIG + value. If ""tsigKeyName"" is defined, this field is required. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure containing + the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared credentials + file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only this + zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName + api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 provider + will assume using either the explicit credentials AccessKeyID/SecretAccessKey + or the inferred credentials from environment variables, + shared credentials file or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared credentials + file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies configuration + for a webhook DNS01 provider, including where to POST ChallengePayload + resources. + properties: + config: + description: Additional configuration that should be passed + to the webhook apiserver when challenges are processed. + This can contain arbitrary JSON data. Secret values should + not be specified in this stanza. If secret values are + needed (e.g. credentials for a DNS service), you should + use a SecretKeySelector to reference a Secret resource. + For details on the schema of this field, consult the webhook + provider implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used when + POSTing ChallengePayload resources to the webhook apiserver. + This should be the same as the GroupName specified in + the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined in + the webhook provider implementation. This will typically + be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration detailing + how to solve HTTP01 challenges within a Kubernetes cluster. Typically + this is accomplished through creating 'routes' of some description + that configure ingress controllers to direct traffic to 'solver + pods', which are responsible for responding to the ACME server's + HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver will + solve challenges by creating or modifying Ingress resources + in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating Ingress + resources to solve ACME challenges that use this challenge + solver. Only one of 'class' or 'name' may be specified. + type: string + name: + description: The name of the ingress resource that should + have ACME challenge solving routes inserted into it in + order to solve HTTP01 challenges. This is typically used + in conjunction with ingress controllers like ingress-gce, + which maintains a 1:1 mapping between external IPs and + ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure the + ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod used to + solve HTTP01 challenges. Only the 'labels' and 'annotations' + fields may be set. If labels or annotations overlap + with in-built values, the values here will override + the in-built values. + type: object + spec: + description: PodSpec defines overrides for the HTTP01 + challenge solver pod. Only the 'nodeSelector', 'affinity' + and 'tolerations' fields are supported currently. + All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no + objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to an update), the system may or may + not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches + the corresponding podAffinityTerm; the + node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by + this field, but it may choose a node that + violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of the + scheduling requirements (resource request, + requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and + adding "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector + which must match a node''s labels for the pod + to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means to + match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists + and Equal. Defaults to Equal. Exists is + equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By + default, it is not set, which means tolerate + the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator is + Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes solver + service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be used + to solve. If specified and a match is found, a dnsNames selector + will take precedence over a dnsZones selector. If multiple + solvers match with the same dnsNames value, the solver with + the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in + the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be used + to solve. The most specific DNS zone match specified here + will take precedence over other DNS zone matches, so a solver + specifying sys.example.com will be selected over one specifying + example.com for the domain www.sys.example.com. If multiple + solvers match with the same dnsZones value, the solver with + the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in + the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the set + of certificate's that this challenge solver will apply to. + type: object + type: object + type: object + token: + description: Token is the ACME challenge token for this challenge. + type: string + type: + description: Type is the type of ACME challenge this resource represents, + e.g. "dns01" or "http01" + type: string + url: + description: URL is the URL of the ACME Challenge resource for this + challenge. This can be used to lookup details about the status of + this challenge. + type: string + wildcard: + description: Wildcard will be true if this challenge is for a wildcard + identifier, for example '*.example.com' + type: boolean + required: + - authzURL + - dnsName + - issuerRef + - key + - token + - type + - url + type: object + status: + properties: + presented: + description: Presented will be set to true if the challenge values for + this challenge are currently 'presented'. This *does not* imply the + self check is passing. Only that the values have been 'submitted' + for the appropriate challenge mechanism (i.e. the DNS01 TXT record + has been presented, or the HTTP01 configuration has been configured). + type: boolean + processing: + description: Processing is used to denote whether this challenge should + be processed or not. This field will only be set to true by the 'scheduling' + component. It will only be set to false by the 'challenges' controller, + after the challenge has reached a final state or timed out. If this + field is set to false, the challenge controller will not take any + more action. + type: boolean + reason: + description: Reason contains human readable information on why the Challenge + is in the current state. + type: string + state: + description: State contains the current 'state' of the challenge. If + not set, the state of the challenge is unknown. + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + type: object + required: + - metadata + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml new file mode 100644 index 0000000000..7691a8e2fd --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml @@ -0,0 +1,1655 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterissuers.cert-manager.io +spec: + group: cert-manager.io + names: + kind: ClusterIssuer + listKind: ClusterIssuerList + plural: clusterissuers + singular: clusterissuer + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IssuerSpec is the specification of an Issuer. This includes + any configuration required for the issuer. + properties: + acme: + description: ACMEIssuer contains the specification for an ACME issuer + properties: + email: + description: Email is the email for this account + type: string + privateKeySecretRef: + description: PrivateKey is the name of a secret containing the private + key for this user account. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + server: + description: Server is the ACME server URL + type: string + skipTLSVerify: + description: If true, skip verifying the ACME server TLS certificate + type: boolean + solvers: + description: Solvers is a list of challenge solvers that will be + used to solve ACME challenges for the matching domains. + items: + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure + containing the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure + containing the DNS configuration for Akamai DNS—Zone + Record Management API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - project + - serviceAccountSecretRef + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - apiKeySecretRef + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a + structure containing the DNS configuration for DigitalOcean + Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure + containing the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting + RFC2136. Required. Note: FQDN is not a valid value, + only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the + DNS supporting RFC2136. Used only when ""tsigSecretSecretRef"" + and ""tsigKeyName"" are defined. Supported values + are (case-insensitive): ""HMACMD5"" (default), ""HMACSHA1"", + ""HMACSHA256"" or ""HMACSHA512"".' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. + If ""tsigSecretSecretRef"" is defined, this field + is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the + TSIG value. If ""tsigKeyName"" is defined, this + field is required. + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure + containing the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only + this zone in Route53 and will not do an lookup using + the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 + provider will assume using either the explicit credentials + AccessKeyID/SecretAccessKey or the inferred credentials + from environment variables, shared credentials file + or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies + configuration for a webhook DNS01 provider, including + where to POST ChallengePayload resources. + properties: + config: + description: Additional configuration that should + be passed to the webhook apiserver when challenges + are processed. This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for + a DNS service), you should use a SecretKeySelector + to reference a Secret resource. For details on the + schema of this field, consult the webhook provider + implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used + when POSTing ChallengePayload resources to the webhook + apiserver. This should be the same as the GroupName + specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined + in the webhook provider implementation. This will + typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration + detailing how to solve HTTP01 challenges within a Kubernetes + cluster. Typically this is accomplished through creating + 'routes' of some description that configure ingress controllers + to direct traffic to 'solver pods', which are responsible + for responding to the ACME server's HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver + will solve challenges by creating or modifying Ingress + resources in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating + Ingress resources to solve ACME challenges that + use this challenge solver. Only one of 'class' or + 'name' may be specified. + type: string + name: + description: The name of the ingress resource that + should have ACME challenge solving routes inserted + into it in order to solve HTTP01 challenges. This + is typically used in conjunction with ingress controllers + like ingress-gce, which maintains a 1:1 mapping + between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure + the ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod + used to solve HTTP01 challenges. Only the 'labels' + and 'annotations' fields may be set. If labels + or annotations overlap with in-built values, + the values here will override the in-built values. + type: object + spec: + description: PodSpec defines overrides for the + HTTP01 challenge solver pod. Only the 'nodeSelector', + 'affinity' and 'tolerations' fields are supported + currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; + the node(s) with the highest sum + are the most preferred. + items: + description: An empty preferred + scheduling term matches all objects + with implicit weight 0 (i.e. it's + a no-op). A null preferred scheduling + term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector + term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to an update), the system + may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list + of node selector terms. The + terms are ORed. + items: + description: A null or empty + node selector term matches + no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods + which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to a pod label update), + the system may or may not try to + eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity + requirements specified by this field + are not met at scheduling time, + the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to + be met at some point during pod + execution (e.g. due to a pod label + update), the system may or may not + try to eventually evict the pod + from its node. When there are multiple + elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is + attached to tolerates any taint that matches + the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match + all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration + (which must be of effect NoExecute, + otherwise this field is ignored) tolerates + the taint. By default, it is not set, + which means tolerate the taint forever + (do not evict). Zero and negative + values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the + operator is Exists, the value should + be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes + solver service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be + used to solve. If specified and a match is found, a + dnsNames selector will take precedence over a dnsZones + selector. If multiple solvers match with the same dnsNames + value, the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be + used to solve. The most specific DNS zone match specified + here will take precedence over other DNS zone matches, + so a solver specifying sys.example.com will be selected + over one specifying example.com for the domain www.sys.example.com. + If multiple solvers match with the same dnsZones value, + the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the + set of certificate's that this challenge solver will + apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + properties: + secretName: + description: SecretName is the name of the secret used to sign Certificates + issued by this Issuer. + type: string + required: + - secretName + type: object + selfSigned: + type: object + vault: + properties: + auth: + description: Vault authentication + properties: + appRole: + description: This Secret contains a AppRole and Secret + properties: + path: + description: Where the authentication path is mounted in + Vault. + type: string + roleId: + type: string + secretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: This contains a Role and Secret with a ServiceAccount + token to authenticate with vault. + properties: + mountPath: + description: The value here will be used as part of the + path used when authenticating with vault, for example + if you set a value of "foo", the path used will be "/v1/auth/foo/login". + If unspecified, the default value "kubernetes" will be + used. + type: string + role: + description: A required field containing the Vault Role + to assume. A Role binds a Kubernetes ServiceAccount with + a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes + ServiceAccount JWT used for authenticating with Vault. + Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: This Secret contains the Vault token key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + type: object + caBundle: + description: Base64 encoded CA bundle to validate Vault server certificate. + Only used if the Server URL is using HTTPS protocol. This parameter + is ignored for plain HTTP protocol connection. If not set the + system root certificates are used to validate the TLS connection. + format: byte + type: string + path: + description: Vault URL path to the certificate role + type: string + server: + description: Server is the vault connection address + type: string + required: + - auth + - path + - server + type: object + venafi: + description: VenafiIssuer describes issuer configuration details for + Venafi Cloud. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for + the Venafi Cloud API token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud + type: string + required: + - apiTokenSecretRef + - url + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration + settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certifiate to use + to verify connections to the TPP instance. If specified, system + roots will not be used and the issuing CA for the TPP instance + must be verifiable using the provided root. If not specified, + the connection will be verified using the cert-manager system + root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing + the username and password for the TPP server. The secret must + contain two keys, 'username' and 'password'. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for the Venafi TPP instance + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by + the named zone policy. This field is required. + type: string + required: + - zone + type: object + type: object + status: + description: IssuerStatus contains status information about an Issuer + properties: + acme: + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the + latest registered ACME account, in order to track changes made + to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also + be used to retrieve account details from the CA + type: string + type: object + conditions: + items: + description: IssuerCondition contains condition information for an + Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml new file mode 100644 index 0000000000..d529bff171 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml @@ -0,0 +1,1655 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: issuers.cert-manager.io +spec: + group: cert-manager.io + names: + kind: Issuer + listKind: IssuerList + plural: issuers + singular: issuer + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IssuerSpec is the specification of an Issuer. This includes + any configuration required for the issuer. + properties: + acme: + description: ACMEIssuer contains the specification for an ACME issuer + properties: + email: + description: Email is the email for this account + type: string + privateKeySecretRef: + description: PrivateKey is the name of a secret containing the private + key for this user account. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + server: + description: Server is the ACME server URL + type: string + skipTLSVerify: + description: If true, skip verifying the ACME server TLS certificate + type: boolean + solvers: + description: Solvers is a list of challenge solvers that will be + used to solve ACME challenges for the matching domains. + items: + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure + containing the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure + containing the DNS configuration for Akamai DNS—Zone + Record Management API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - project + - serviceAccountSecretRef + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - apiKeySecretRef + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a + structure containing the DNS configuration for DigitalOcean + Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure + containing the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting + RFC2136. Required. Note: FQDN is not a valid value, + only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the + DNS supporting RFC2136. Used only when ""tsigSecretSecretRef"" + and ""tsigKeyName"" are defined. Supported values + are (case-insensitive): ""HMACMD5"" (default), ""HMACSHA1"", + ""HMACSHA256"" or ""HMACSHA512"".' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. + If ""tsigSecretSecretRef"" is defined, this field + is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the + TSIG value. If ""tsigKeyName"" is defined, this + field is required. + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure + containing the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only + this zone in Route53 and will not do an lookup using + the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 + provider will assume using either the explicit credentials + AccessKeyID/SecretAccessKey or the inferred credentials + from environment variables, shared credentials file + or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies + configuration for a webhook DNS01 provider, including + where to POST ChallengePayload resources. + properties: + config: + description: Additional configuration that should + be passed to the webhook apiserver when challenges + are processed. This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for + a DNS service), you should use a SecretKeySelector + to reference a Secret resource. For details on the + schema of this field, consult the webhook provider + implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used + when POSTing ChallengePayload resources to the webhook + apiserver. This should be the same as the GroupName + specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined + in the webhook provider implementation. This will + typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration + detailing how to solve HTTP01 challenges within a Kubernetes + cluster. Typically this is accomplished through creating + 'routes' of some description that configure ingress controllers + to direct traffic to 'solver pods', which are responsible + for responding to the ACME server's HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver + will solve challenges by creating or modifying Ingress + resources in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating + Ingress resources to solve ACME challenges that + use this challenge solver. Only one of 'class' or + 'name' may be specified. + type: string + name: + description: The name of the ingress resource that + should have ACME challenge solving routes inserted + into it in order to solve HTTP01 challenges. This + is typically used in conjunction with ingress controllers + like ingress-gce, which maintains a 1:1 mapping + between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure + the ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod + used to solve HTTP01 challenges. Only the 'labels' + and 'annotations' fields may be set. If labels + or annotations overlap with in-built values, + the values here will override the in-built values. + type: object + spec: + description: PodSpec defines overrides for the + HTTP01 challenge solver pod. Only the 'nodeSelector', + 'affinity' and 'tolerations' fields are supported + currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; + the node(s) with the highest sum + are the most preferred. + items: + description: An empty preferred + scheduling term matches all objects + with implicit weight 0 (i.e. it's + a no-op). A null preferred scheduling + term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector + term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to an update), the system + may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list + of node selector terms. The + terms are ORed. + items: + description: A null or empty + node selector term matches + no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods + which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to a pod label update), + the system may or may not try to + eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity + requirements specified by this field + are not met at scheduling time, + the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to + be met at some point during pod + execution (e.g. due to a pod label + update), the system may or may not + try to eventually evict the pod + from its node. When there are multiple + elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is + attached to tolerates any taint that matches + the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match + all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration + (which must be of effect NoExecute, + otherwise this field is ignored) tolerates + the taint. By default, it is not set, + which means tolerate the taint forever + (do not evict). Zero and negative + values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the + operator is Exists, the value should + be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes + solver service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be + used to solve. If specified and a match is found, a + dnsNames selector will take precedence over a dnsZones + selector. If multiple solvers match with the same dnsNames + value, the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be + used to solve. The most specific DNS zone match specified + here will take precedence over other DNS zone matches, + so a solver specifying sys.example.com will be selected + over one specifying example.com for the domain www.sys.example.com. + If multiple solvers match with the same dnsZones value, + the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the + set of certificate's that this challenge solver will + apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + properties: + secretName: + description: SecretName is the name of the secret used to sign Certificates + issued by this Issuer. + type: string + required: + - secretName + type: object + selfSigned: + type: object + vault: + properties: + auth: + description: Vault authentication + properties: + appRole: + description: This Secret contains a AppRole and Secret + properties: + path: + description: Where the authentication path is mounted in + Vault. + type: string + roleId: + type: string + secretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: This contains a Role and Secret with a ServiceAccount + token to authenticate with vault. + properties: + mountPath: + description: The value here will be used as part of the + path used when authenticating with vault, for example + if you set a value of "foo", the path used will be "/v1/auth/foo/login". + If unspecified, the default value "kubernetes" will be + used. + type: string + role: + description: A required field containing the Vault Role + to assume. A Role binds a Kubernetes ServiceAccount with + a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes + ServiceAccount JWT used for authenticating with Vault. + Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: This Secret contains the Vault token key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + type: object + caBundle: + description: Base64 encoded CA bundle to validate Vault server certificate. + Only used if the Server URL is using HTTPS protocol. This parameter + is ignored for plain HTTP protocol connection. If not set the + system root certificates are used to validate the TLS connection. + format: byte + type: string + path: + description: Vault URL path to the certificate role + type: string + server: + description: Server is the vault connection address + type: string + required: + - auth + - path + - server + type: object + venafi: + description: VenafiIssuer describes issuer configuration details for + Venafi Cloud. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for + the Venafi Cloud API token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud + type: string + required: + - apiTokenSecretRef + - url + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration + settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certifiate to use + to verify connections to the TPP instance. If specified, system + roots will not be used and the issuing CA for the TPP instance + must be verifiable using the provided root. If not specified, + the connection will be verified using the cert-manager system + root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing + the username and password for the TPP server. The secret must + contain two keys, 'username' and 'password'. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for the Venafi TPP instance + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by + the named zone policy. This field is required. + type: string + required: + - zone + type: object + type: object + status: + description: IssuerStatus contains status information about an Issuer + properties: + acme: + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the + latest registered ACME account, in order to track changes made + to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also + be used to retrieve account details from the CA + type: string + type: object + conditions: + items: + description: IssuerCondition contains condition information for an + Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml new file mode 100644 index 0000000000..12b262c51e --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml @@ -0,0 +1,200 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: orders.acme.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: acme.cert-manager.io + names: + kind: Order + listKind: OrderList + plural: orders + singular: order + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Order is a type to represent an Order with an ACME server + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + commonName: + description: CommonName is the common name as specified on the DER encoded + CSR. If CommonName is not specified, the first DNSName specified will + be used as the CommonName. At least one of CommonName or a DNSNames + must be set. This field must match the corresponding field on the + DER encoded CSR. + type: string + csr: + description: Certificate signing request bytes in DER encoding. This + will be used when finalizing the order. This field must be set on + the order. + format: byte + type: string + dnsNames: + description: DNSNames is a list of DNS names that should be included + as part of the Order validation process. If CommonName is not specified, + the first DNSName specified will be used as the CommonName. At least + one of CommonName or a DNSNames must be set. This field must match + the corresponding field on the DER encoded CSR. + items: + type: string + type: array + issuerRef: + description: IssuerRef references a properly configured ACME-type Issuer + which should be used to create this Order. If the Issuer does not + exist, processing will be retried. If the Issuer is not an 'ACME' + Issuer, an error will be returned and the Order will be marked as + failed. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + required: + - csr + - issuerRef + type: object + status: + properties: + authorizations: + description: Authorizations contains data returned from the ACME server + on what authoriations must be completed in order to validate the DNS + names specified on the Order. + items: + description: ACMEAuthorization contains data returned from the ACME + server on an authorization that must be completed in order validate + a DNS name on an ACME Order resource. + properties: + challenges: + description: Challenges specifies the challenge types offered + by the ACME server. One of these challenge types will be selected + when validating the DNS name and an appropriate Challenge resource + will be created to perform the ACME challenge process. + items: + description: Challenge specifies a challenge offered by the + ACME server for an Order. An appropriate Challenge resource + can be created to perform the ACME challenge process. + properties: + token: + description: Token is the token that must be presented for + this challenge. This is used to compute the 'key' that + must also be presented. + type: string + type: + description: Type is the type of challenge being offered, + e.g. http-01, dns-01 + type: string + url: + description: URL is the URL of this challenge. It can be + used to retrieve additional metadata about the Challenge + from the ACME server. + type: string + required: + - token + - type + - url + type: object + type: array + identifier: + description: Identifier is the DNS name to be validated as part + of this authorization + type: string + url: + description: URL is the URL of the Authorization that must be + completed + type: string + wildcard: + description: Wildcard will be true if this authorization is for + a wildcard DNS name. If this is true, the identifier will be + the *non-wildcard* version of the DNS name. For example, if + '*.example.com' is the DNS name being validated, this field + will be 'true' and the 'identifier' field will be 'example.com'. + type: boolean + required: + - url + type: object + type: array + certificate: + description: Certificate is a copy of the PEM encoded certificate for + this Order. This field will be populated after the order has been + successfully finalized with the ACME server, and the order has transitioned + to the 'valid' state. + format: byte + type: string + failureTime: + description: FailureTime stores the time that this order failed. This + is used to influence garbage collection and back-off. + format: date-time + type: string + finalizeURL: + description: FinalizeURL of the Order. This is used to obtain certificates + for this order once it has been completed. + type: string + reason: + description: Reason optionally provides more information about a why + the order is in the current state. + type: string + state: + description: State contains the current state of this Order resource. + States 'success' and 'expired' are 'final' + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + url: + description: URL of the Order. This will initially be empty when the + resource is first created. The Order controller will populate this + field when the Order is first processed. This field will be immutable + after it is initially set. + type: string + type: object + required: + - metadata + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/openshift/application/cert-manager-kube-system-resources/kustomize_test.go b/tests/stacks/openshift/application/cert-manager-kube-system-resources/kustomize_test.go new file mode 100644 index 0000000000..df06a7fe6f --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-kube-system-resources/kustomize_test.go @@ -0,0 +1,15 @@ +package cert_manager_kube_system_resources + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/cert-manager-kube-system-resources", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml new file mode 100644 index 0000000000..c37a3b7497 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: cainjector + kustomize.component: cert-manager + name: cert-manager-cainjector:leaderelection + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - create + - update + - patch diff --git a/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml new file mode 100644 index 0000000000..542fbcbd59 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: cert-manager + kustomize.component: cert-manager + name: cert-manager:leaderelection + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - create + - update + - patch diff --git a/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml new file mode 100644 index 0000000000..a47a2fe74f --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: cainjector + kustomize.component: cert-manager + name: cert-manager-cainjector:leaderelection + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager-cainjector:leaderelection +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-cainjector + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml new file mode 100644 index 0000000000..f7ec38a254 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: webhook + kustomize.component: cert-manager + name: cert-manager-webhook:webhook-authentication-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml new file mode 100644 index 0000000000..25a7fde904 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: cert-manager + kustomize.component: cert-manager + name: cert-manager:leaderelection + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager:leaderelection +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml new file mode 100644 index 0000000000..d8e47f2a94 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + certManagerNamespace: cert-manager +kind: ConfigMap +metadata: + labels: + kustomize.component: cert-manager + name: cert-manager-kube-params-parameters + namespace: kube-system diff --git a/tests/stacks/openshift/application/cert-manager/kustomize_test.go b/tests/stacks/openshift/application/cert-manager/kustomize_test.go new file mode 100644 index 0000000000..829756a53a --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/kustomize_test.go @@ -0,0 +1,15 @@ +package cert_manager + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/cert-manager", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml new file mode 100644 index 0000000000..93e06c4304 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml @@ -0,0 +1,35 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-apiserver-ca: "true" + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook +webhooks: +- clientConfig: + caBundle: "" + service: + name: kubernetes + namespace: default + path: /apis/webhook.cert-manager.io/v1beta1/mutations + failurePolicy: Fail + name: webhook.cert-manager.io + rules: + - apiGroups: + - cert-manager.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - certificates + - issuers + - clusterissuers + - orders + - challenges + - certificaterequests diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml new file mode 100644 index 0000000000..36a2524012 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml @@ -0,0 +1,34 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-apiserver-ca: "true" + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook +webhooks: +- clientConfig: + caBundle: "" + service: + name: kubernetes + namespace: default + path: /apis/webhook.cert-manager.io/v1beta1/validations + failurePolicy: Fail + name: webhook.certmanager.k8s.io + rules: + - apiGroups: + - cert-manager.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - certificates + - issuers + - clusterissuers + - certificaterequests + sideEffects: None diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml new file mode 100644 index 0000000000..21cdee5406 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: v1beta1.webhook.cert-manager.io +spec: + group: webhook.cert-manager.io + groupPriorityMinimum: 1000 + service: + name: cert-manager-webhook + namespace: cert-manager + version: v1beta1 + versionPriority: 15 diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml new file mode 100644 index 0000000000..09a9cfab99 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml @@ -0,0 +1,41 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager +spec: + addOwnerRef: true + componentKinds: + - group: rbac + kind: ClusterRole + - group: rbac + kind: ClusterRoleBinding + - group: core + kind: Namespace + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: Automatically provision and manage TLS certificates in Kubernetes + https://jetstack.io. + keywords: + - cert-manager + links: + - description: About + url: https://github.com/jetstack/cert-manager + type: "" + version: v0.10.0 + selector: + matchLabels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: cert-manager + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml new file mode 100644 index 0000000000..6ae84bc8c0 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + template: + metadata: + annotations: null + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + spec: + containers: + - args: + - --v=2 + - --leader-election-namespace=kube-system + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-cainjector:v0.11.0 + imagePullPolicy: IfNotPresent + name: cainjector + resources: {} + serviceAccountName: cert-manager-cainjector diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml new file mode 100644 index 0000000000..33ab9729d5 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + template: + metadata: + annotations: null + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + spec: + containers: + - args: + - --v=2 + - --secure-port=6443 + - --tls-cert-file=/certs/tls.crt + - --tls-private-key-file=/certs/tls.key + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-webhook:v0.11.0 + imagePullPolicy: IfNotPresent + name: cert-manager + resources: {} + volumeMounts: + - mountPath: /certs + name: certs + serviceAccountName: cert-manager-webhook + volumes: + - name: certs + secret: + secretName: cert-manager-webhook-tls diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml new file mode 100644 index 0000000000..8a116d7b30 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "9402" + prometheus.io/scrape: "true" + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + spec: + containers: + - args: + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --webhook-namespace=$(POD_NAMESPACE) + - --webhook-ca-secret=cert-manager-webhook-ca + - --webhook-serving-secret=cert-manager-webhook-tls + - --webhook-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-controller:v0.11.0 + imagePullPolicy: IfNotPresent + name: cert-manager + ports: + - containerPort: 9402 + resources: + requests: + cpu: 10m + memory: 32Mi + serviceAccountName: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml new file mode 100644 index 0000000000..2a25e06d49 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml @@ -0,0 +1,11 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: kubeflow-self-signing-issuer + namespace: cert-manager +spec: + selfSigned: {} diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml new file mode 100644 index 0000000000..6ce5b8e0cc --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cert-manager-edit +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml new file mode 100644 index 0000000000..f62a08529b --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cert-manager-view +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml new file mode 100644 index 0000000000..b0d464bfd5 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook:webhook-requester +rules: +- apiGroups: + - admission.cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + - clusterissuers + verbs: + - create diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml new file mode 100644 index 0000000000..ce897a6a3b --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - get + - create + - update + - patch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - update diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml new file mode 100644 index 0000000000..ad80b32de5 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml @@ -0,0 +1,64 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-certificates +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificates/status + - certificaterequests + - certificaterequests/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - clusterissuers + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates/finalizers + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml new file mode 100644 index 0000000000..fb0a1201cf --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml @@ -0,0 +1,86 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-challenges +rules: +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - get + - list + - watch +- apiGroups: + - cert-manager.io + resources: + - issuers + - clusterissuers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - extensions + - networking.k8s.io/v1 + resources: + - ingresses + verbs: + - get + - list + - watch + - create + - delete + - update +- apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml new file mode 100644 index 0000000000..bea275aa9c --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-clusterissuers +rules: +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml new file mode 100644 index 0000000000..a276b13742 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml @@ -0,0 +1,51 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-ingress-shim +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + verbs: + - create + - update + - delete +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + - clusterissuers + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io/v1 + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io/v1 + resources: + - ingresses/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml new file mode 100644 index 0000000000..13b98eeaae --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-issuers +rules: +- apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml new file mode 100644 index 0000000000..d5f2de3e1b --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-orders +rules: +- apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - orders + - challenges + verbs: + - get + - list + - watch +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete +- apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml new file mode 100644 index 0000000000..bd1d73f13b --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-cainjector +subjects: +- kind: ServiceAccount + name: cert-manager-cainjector + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml new file mode 100644 index 0000000000..80792a8f24 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-certificates +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-certificates +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml new file mode 100644 index 0000000000..7ee5331ba6 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-challenges +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-challenges +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml new file mode 100644 index 0000000000..bbc5ee440a --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-clusterissuers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-clusterissuers +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml new file mode 100644 index 0000000000..6a79270953 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-ingress-shim +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-ingress-shim +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml new file mode 100644 index 0000000000..854ffd11fe --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-issuers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-issuers +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml new file mode 100644 index 0000000000..137f15e731 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-orders +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-orders +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml new file mode 100644 index 0000000000..b19073be57 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml new file mode 100644 index 0000000000..f40a39080a --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + namespace: cert-manager +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-parameters + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml new file mode 100644 index 0000000000..d0a3fd2d22 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml new file mode 100644 index 0000000000..adb10f9073 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook + namespace: cert-manager +spec: + ports: + - name: https + port: 443 + targetPort: 6443 + selector: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + type: ClusterIP diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml new file mode 100644 index 0000000000..b25a401652 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager +spec: + ports: + - port: 9402 + protocol: TCP + targetPort: 9402 + selector: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + type: ClusterIP diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml new file mode 100644 index 0000000000..e71b15aaa6 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml new file mode 100644 index 0000000000..11c24d45c8 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook + namespace: cert-manager diff --git a/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml new file mode 100644 index 0000000000..882e257d96 --- /dev/null +++ b/tests/stacks/openshift/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/openshift/application/istio-stack/kustomize_test.go b/tests/stacks/openshift/application/istio-stack/kustomize_test.go new file mode 100644 index 0000000000..9544f2f191 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/kustomize_test.go @@ -0,0 +1,15 @@ +package istio_stack + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/istio-stack", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml new file mode 100644 index 0000000000..45f3d51ee0 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml @@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + release: istio + name: istio-sidecar-injector +webhooks: +- clientConfig: + caBundle: "" + service: + name: istio-sidecar-injector + namespace: istio-system + path: /inject + failurePolicy: Fail + name: sidecar-injector.istio.io + namespaceSelector: + matchLabels: + istio-injection: enabled + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml new file mode 100644 index 0000000000..306a83db93 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: adapter + release: istio + name: adapters.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: adapter + plural: adapters + singular: adapter + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_apikeys.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_apikeys.config.istio.io.yaml new file mode 100644 index 0000000000..d0385f0e48 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_apikeys.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: apikey + release: istio + name: apikeys.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: apikey + plural: apikeys + singular: apikey + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml new file mode 100644 index 0000000000..b904f823e8 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: core + package: istio.io.mixer + release: istio + name: attributemanifests.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: attributemanifest + plural: attributemanifests + singular: attributemanifest + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizations.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizations.config.istio.io.yaml new file mode 100644 index 0000000000..e7f9bb2ca1 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizations.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: authorization + release: istio + name: authorizations.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: authorization + plural: authorizations + singular: authorization + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_bypasses.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_bypasses.config.istio.io.yaml new file mode 100644 index 0000000000..5d853a10d2 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_bypasses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: bypass + release: istio + name: bypasses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: bypass + plural: bypasses + singular: bypass + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..188a1093cd --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml @@ -0,0 +1,43 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: certificates.certmanager.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.secretName + name: Secret + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: certmanager.k8s.io + names: + kind: Certificate + plural: certificates + shortNames: + - cert + - certs + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..08e76be423 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml @@ -0,0 +1,35 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: challenges.certmanager.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.dnsName + name: Domain + type: string + - JSONPath: .status.reason + name: Reason + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: certmanager.k8s.io + names: + kind: Challenge + plural: challenges + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_checknothings.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_checknothings.config.istio.io.yaml new file mode 100644 index 0000000000..f31fc2477e --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_checknothings.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: checknothing + release: istio + name: checknothings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: checknothing + plural: checknothings + singular: checknothing + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_circonuses.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_circonuses.config.istio.io.yaml new file mode 100644 index 0000000000..e5b7194645 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_circonuses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: circonus + release: istio + name: circonuses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: circonus + plural: circonuses + singular: circonus + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudwatches.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudwatches.config.istio.io.yaml new file mode 100644 index 0000000000..0c2c35ff0c --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudwatches.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + istio: mixer-adapter + package: cloudwatch + name: cloudwatches.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: cloudwatch + plural: cloudwatches + singular: cloudwatch + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..dea35ef84c --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: clusterissuers.certmanager.k8s.io +spec: + group: certmanager.k8s.io + names: + kind: ClusterIssuer + plural: clusterissuers + scope: Cluster + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml new file mode 100644 index 0000000000..366c18ebc7 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + heritage: Tiller + istio: rbac + release: istio + name: clusterrbacconfigs.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ClusterRbacConfig + plural: clusterrbacconfigs + singular: clusterrbacconfig + scope: Cluster + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_deniers.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_deniers.config.istio.io.yaml new file mode 100644 index 0000000000..9d89ab9c83 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_deniers.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: denier + release: istio + name: deniers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: denier + plural: deniers + singular: denier + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml new file mode 100644 index 0000000000..044b9a80e7 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: destinationrules.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.host + description: The name of a service from the service registry + name: Host + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: DestinationRule + listKind: DestinationRuleList + plural: destinationrules + shortNames: + - dr + singular: destinationrule + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_dogstatsds.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_dogstatsds.config.istio.io.yaml new file mode 100644 index 0000000000..3e6d9dc8ef --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_dogstatsds.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + istio: mixer-adapter + package: dogstatsd + name: dogstatsds.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: dogstatsd + plural: dogstatsds + singular: dogstatsd + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_edges.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_edges.config.istio.io.yaml new file mode 100644 index 0000000000..65099a24de --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_edges.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: edge + release: istio + name: edges.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: edge + plural: edges + singular: edge + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml new file mode 100644 index 0000000000..ed0739556e --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: envoyfilters.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: EnvoyFilter + plural: envoyfilters + singular: envoyfilter + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_fluentds.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_fluentds.config.istio.io.yaml new file mode 100644 index 0000000000..f3111ccc25 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_fluentds.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: fluentd + release: istio + name: fluentds.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: fluentd + plural: fluentds + singular: fluentd + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml new file mode 100644 index 0000000000..f7420c2f40 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: gateways.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Gateway + plural: gateways + shortNames: + - gw + singular: gateway + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml new file mode 100644 index 0000000000..dab8c75f1b --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-handler + package: handler + release: istio + name: handlers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: handler + plural: handlers + singular: handler + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml new file mode 100644 index 0000000000..1771daadae --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: httpapispecbindings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: HTTPAPISpecBinding + plural: httpapispecbindings + singular: httpapispecbinding + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml new file mode 100644 index 0000000000..cbf2f79146 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: httpapispecs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: HTTPAPISpec + plural: httpapispecs + singular: httpapispec + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml new file mode 100644 index 0000000000..9699fa820f --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: instance + release: istio + name: instances.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: instance + plural: instances + singular: instance + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..a0c186a1d1 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: issuers.certmanager.k8s.io +spec: + group: certmanager.k8s.io + names: + kind: Issuer + plural: issuers + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kubernetesenvs.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kubernetesenvs.config.istio.io.yaml new file mode 100644 index 0000000000..7b7da141af --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kubernetesenvs.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: kubernetesenv + release: istio + name: kubernetesenvs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: kubernetesenv + plural: kubernetesenvs + singular: kubernetesenv + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kuberneteses.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kuberneteses.config.istio.io.yaml new file mode 100644 index 0000000000..91693505d6 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kuberneteses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: adapter.template.kubernetes + release: istio + name: kuberneteses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: kubernetes + plural: kuberneteses + singular: kubernetes + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listcheckers.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listcheckers.config.istio.io.yaml new file mode 100644 index 0000000000..cf59ae38ca --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listcheckers.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: listchecker + release: istio + name: listcheckers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: listchecker + plural: listcheckers + singular: listchecker + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listentries.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listentries.config.istio.io.yaml new file mode 100644 index 0000000000..04806a76c8 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listentries.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: listentry + release: istio + name: listentries.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: listentry + plural: listentries + singular: listentry + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_logentries.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_logentries.config.istio.io.yaml new file mode 100644 index 0000000000..d1d561e6da --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_logentries.config.istio.io.yaml @@ -0,0 +1,45 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: logentry + release: istio + name: logentries.config.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.severity + description: The importance of the log entry + name: Severity + type: string + - JSONPath: .spec.timestamp + description: The time value for the log entry + name: Timestamp + type: string + - JSONPath: .spec.monitored_resource_type + description: Optional expression to compute the type of the monitored resource + this log entry is being recorded on + name: Res Type + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: logentry + plural: logentries + singular: logentry + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_memquotas.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_memquotas.config.istio.io.yaml new file mode 100644 index 0000000000..c36d6a5e64 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_memquotas.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: memquota + release: istio + name: memquotas.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: memquota + plural: memquotas + singular: memquota + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml new file mode 100644 index 0000000000..56fcaeb04d --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-citadel + chart: istio + heritage: Tiller + release: istio + name: meshpolicies.authentication.istio.io +spec: + group: authentication.istio.io + names: + categories: + - istio-io + - authentication-istio-io + kind: MeshPolicy + listKind: MeshPolicyList + plural: meshpolicies + singular: meshpolicy + scope: Cluster + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.config.istio.io.yaml new file mode 100644 index 0000000000..19a4a519c0 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: metric + release: istio + name: metrics.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: metric + plural: metrics + singular: metric + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_noops.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_noops.config.istio.io.yaml new file mode 100644 index 0000000000..c8cadbd41e --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_noops.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: noop + release: istio + name: noops.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: noop + plural: noops + singular: noop + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_opas.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_opas.config.istio.io.yaml new file mode 100644 index 0000000000..9368360492 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_opas.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: opa + release: istio + name: opas.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: opa + plural: opas + singular: opa + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..06d5359def --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: orders.certmanager.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: certmanager.k8s.io + names: + kind: Order + plural: orders + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml new file mode 100644 index 0000000000..b9933dfd96 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-citadel + chart: istio + heritage: Tiller + release: istio + name: policies.authentication.istio.io +spec: + group: authentication.istio.io + names: + categories: + - istio-io + - authentication-istio-io + kind: Policy + plural: policies + singular: policy + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_prometheuses.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_prometheuses.config.istio.io.yaml new file mode 100644 index 0000000000..07d9e146fc --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_prometheuses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: prometheus + release: istio + name: prometheuses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: prometheus + plural: prometheuses + singular: prometheus + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotas.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotas.config.istio.io.yaml new file mode 100644 index 0000000000..df929bfdd9 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotas.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: quota + release: istio + name: quotas.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: quota + plural: quotas + singular: quota + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml new file mode 100644 index 0000000000..7434f2f66d --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: quotaspecbindings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: QuotaSpecBinding + plural: quotaspecbindings + singular: quotaspecbinding + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml new file mode 100644 index 0000000000..53d48ab742 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: quotaspecs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: QuotaSpec + plural: quotaspecs + singular: quotaspec + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml new file mode 100644 index 0000000000..7883b0d7c3 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: rbac + package: istio.io.mixer + release: istio + name: rbacconfigs.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: RbacConfig + plural: rbacconfigs + singular: rbacconfig + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacs.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacs.config.istio.io.yaml new file mode 100644 index 0000000000..a197d882a7 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacs.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: rbac + release: istio + name: rbacs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: rbac + plural: rbacs + singular: rbac + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisquotas.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisquotas.config.istio.io.yaml new file mode 100644 index 0000000000..15158d0df6 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisquotas.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: redisquota + release: istio + name: redisquotas.config.istio.io +spec: + group: config.istio.io + names: + kind: redisquota + plural: redisquotas + singular: redisquota + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_reportnothings.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_reportnothings.config.istio.io.yaml new file mode 100644 index 0000000000..899806b3a6 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_reportnothings.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: reportnothing + release: istio + name: reportnothings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: reportnothing + plural: reportnothings + singular: reportnothing + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml new file mode 100644 index 0000000000..40b5a703e5 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: core + package: istio.io.mixer + release: istio + name: rules.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: rule + plural: rules + singular: rule + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml new file mode 100644 index 0000000000..db8fa18cb8 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml @@ -0,0 +1,46 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: serviceentries.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.hosts + description: The hosts associated with the ServiceEntry + name: Hosts + type: string + - JSONPath: .spec.location + description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL + or MESH_INTERNAL) + name: Location + type: string + - JSONPath: .spec.resolution + description: Service discovery mode for the hosts (NONE, STATIC, or DNS) + name: Resolution + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: ServiceEntry + listKind: ServiceEntryList + plural: serviceentries + shortNames: + - se + singular: serviceentry + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml new file mode 100644 index 0000000000..6228a334b0 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: rbac + package: istio.io.mixer + release: istio + name: servicerolebindings.rbac.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.roleRef.name + description: The name of the ServiceRole object being referenced + name: Reference + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ServiceRoleBinding + plural: servicerolebindings + singular: servicerolebinding + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml new file mode 100644 index 0000000000..24d78ee506 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: rbac + package: istio.io.mixer + release: istio + name: serviceroles.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ServiceRole + plural: serviceroles + singular: servicerole + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml new file mode 100644 index 0000000000..059355b082 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: sidecars.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Sidecar + plural: sidecars + singular: sidecar + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_signalfxs.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_signalfxs.config.istio.io.yaml new file mode 100644 index 0000000000..dfe2f4c61e --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_signalfxs.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: signalfx + release: istio + name: signalfxs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: signalfx + plural: signalfxs + singular: signalfx + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_solarwindses.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_solarwindses.config.istio.io.yaml new file mode 100644 index 0000000000..6b758b40d9 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_solarwindses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: solarwinds + release: istio + name: solarwindses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: solarwinds + plural: solarwindses + singular: solarwinds + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stackdrivers.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stackdrivers.config.istio.io.yaml new file mode 100644 index 0000000000..c3e9b39dcd --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stackdrivers.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: stackdriver + release: istio + name: stackdrivers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: stackdriver + plural: stackdrivers + singular: stackdriver + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_statsds.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_statsds.config.istio.io.yaml new file mode 100644 index 0000000000..7b3da3e069 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_statsds.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: statsd + release: istio + name: statsds.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: statsd + plural: statsds + singular: statsd + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stdios.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stdios.config.istio.io.yaml new file mode 100644 index 0000000000..1918fa9b19 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stdios.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: stdio + release: istio + name: stdios.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: stdio + plural: stdios + singular: stdio + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml new file mode 100644 index 0000000000..60c365f949 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-template + package: template + release: istio + name: templates.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: template + plural: templates + singular: template + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tracespans.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tracespans.config.istio.io.yaml new file mode 100644 index 0000000000..677ffc60bb --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tracespans.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: tracespan + release: istio + name: tracespans.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: tracespan + plural: tracespans + singular: tracespan + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml new file mode 100644 index 0000000000..fa7f9a0d80 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml @@ -0,0 +1,41 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: virtualservices.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.gateways + description: The names of gateways and sidecars that should apply these routes + name: Gateways + type: string + - JSONPath: .spec.hosts + description: The destination hosts to which traffic is being sent + name: Hosts + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: VirtualService + listKind: VirtualServiceList + plural: virtualservices + shortNames: + - vs + singular: virtualservice + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_zipkins.config.istio.io.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_zipkins.config.istio.io.yaml new file mode 100644 index 0000000000..cfd1f91152 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_zipkins.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + istio: mixer-adapter + package: zipkin + name: zipkins.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: zipkin + plural: zipkins + singular: zipkin + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_grafana.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_grafana.yaml new file mode 100644 index 0000000000..b4fba3181f --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_grafana.yaml @@ -0,0 +1,152 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: grafana + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - env: + - name: GRAFANA_PORT + value: "3000" + - name: GF_AUTH_BASIC_ENABLED + value: "false" + - name: GF_AUTH_ANONYMOUS_ENABLED + value: "true" + - name: GF_AUTH_ANONYMOUS_ORG_ROLE + value: Admin + - name: GF_PATHS_DATA + value: /data/grafana + image: grafana/grafana:6.0.2 + imagePullPolicy: IfNotPresent + name: grafana + ports: + - containerPort: 3000 + readinessProbe: + httpGet: + path: /login + port: 3000 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /data/grafana + name: data + - mountPath: /var/lib/grafana/dashboards/istio/galley-dashboard.json + name: dashboards-istio-galley-dashboard + readOnly: true + subPath: galley-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/istio-mesh-dashboard.json + name: dashboards-istio-istio-mesh-dashboard + readOnly: true + subPath: istio-mesh-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/istio-performance-dashboard.json + name: dashboards-istio-istio-performance-dashboard + readOnly: true + subPath: istio-performance-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/istio-service-dashboard.json + name: dashboards-istio-istio-service-dashboard + readOnly: true + subPath: istio-service-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/istio-workload-dashboard.json + name: dashboards-istio-istio-workload-dashboard + readOnly: true + subPath: istio-workload-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/mixer-dashboard.json + name: dashboards-istio-mixer-dashboard + readOnly: true + subPath: mixer-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/pilot-dashboard.json + name: dashboards-istio-pilot-dashboard + readOnly: true + subPath: pilot-dashboard.json + - mountPath: /etc/grafana/provisioning/datasources/datasources.yaml + name: config + subPath: datasources.yaml + - mountPath: /etc/grafana/provisioning/dashboards/dashboardproviders.yaml + name: config + subPath: dashboardproviders.yaml + securityContext: + fsGroup: 472 + runAsUser: 472 + volumes: + - configMap: + name: istio-grafana + name: config + - emptyDir: {} + name: data + - configMap: + name: istio-grafana-configuration-dashboards-galley-dashboard + name: dashboards-istio-galley-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-istio-mesh-dashboard + name: dashboards-istio-istio-mesh-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-istio-performance-dashboard + name: dashboards-istio-istio-performance-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-istio-service-dashboard + name: dashboards-istio-istio-service-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-istio-workload-dashboard + name: dashboards-istio-istio-workload-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-mixer-dashboard + name: dashboards-istio-mixer-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-pilot-dashboard + name: dashboards-istio-pilot-dashboard diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml new file mode 100644 index 0000000000..8cf48324fd --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml @@ -0,0 +1,90 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + name: istio-citadel + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --append-dns-names=true + - --grpc-port=8060 + - --grpc-hostname=citadel + - --citadel-storage-namespace=istio-system + - --custom-dns-names=istio-pilot-service-account.istio-system:istio-pilot.istio-system + - --monitoring-port=15014 + - --self-signed-ca=true + image: docker.io/istio/citadel:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /version + port: 15014 + initialDelaySeconds: 5 + periodSeconds: 5 + name: citadel + resources: + requests: + cpu: 10m + serviceAccountName: istio-citadel-service-account diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-egressgateway.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-egressgateway.yaml new file mode 100644 index 0000000000..82a3fce5a3 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-egressgateway.yaml @@ -0,0 +1,171 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + name: istio-egressgateway + namespace: istio-system +spec: + selector: + matchLabels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --log_output_level=default:info + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --connectTimeout + - 10s + - --serviceCluster + - istio-egressgateway + - --zipkinAddress + - zipkin:9411 + - --proxyAdminPort + - "15000" + - --statusPort + - "15020" + - --controlPlaneAuthPolicy + - NONE + - --discoveryAddress + - istio-pilot:15010 + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_META_ROUTER_MODE + value: sni-dnat + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 80 + - containerPort: 443 + - containerPort: 15443 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /etc/istio/egressgateway-certs + name: egressgateway-certs + readOnly: true + - mountPath: /etc/istio/egressgateway-ca-certs + name: egressgateway-ca-certs + readOnly: true + serviceAccountName: istio-egressgateway-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-egressgateway-service-account + - name: egressgateway-certs + secret: + optional: true + secretName: istio-egressgateway-certs + - name: egressgateway-ca-certs + secret: + optional: true + secretName: istio-egressgateway-ca-certs diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml new file mode 100644 index 0000000000..9bdf1a9c23 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml @@ -0,0 +1,133 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + name: istio-galley + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /usr/local/bin/galley + - server + - --meshConfigFile=/etc/mesh-config/mesh + - --livenessProbeInterval=1s + - --livenessProbePath=/healthliveness + - --readinessProbePath=/healthready + - --readinessProbeInterval=1s + - --deployment-namespace=istio-system + - --insecure=true + - --validation-webhook-config-file + - /etc/config/validatingwebhookconfiguration.yaml + - --monitoringPort=15014 + - --log_output_level=default:info + - --enable-validation=true + image: docker.io/istio/galley:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /usr/local/bin/galley + - probe + - --probe-path=/healthliveness + - --interval=10s + initialDelaySeconds: 5 + periodSeconds: 5 + name: galley + ports: + - containerPort: 443 + - containerPort: 15014 + - containerPort: 9901 + readinessProbe: + exec: + command: + - /usr/local/bin/galley + - probe + - --probe-path=/healthready + - --interval=10s + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/certs + name: certs + readOnly: true + - mountPath: /etc/config + name: config + readOnly: true + - mountPath: /etc/mesh-config + name: mesh-config + readOnly: true + serviceAccountName: istio-galley-service-account + volumes: + - name: certs + secret: + secretName: istio.istio-galley-service-account + - configMap: + name: istio-galley-configuration + name: config + - configMap: + name: istio + name: mesh-config diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml new file mode 100644 index 0000000000..01d4547b36 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml @@ -0,0 +1,177 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + selector: + matchLabels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --log_output_level=default:info + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --connectTimeout + - 10s + - --serviceCluster + - istio-ingressgateway + - --zipkinAddress + - zipkin:9411 + - --proxyAdminPort + - "15000" + - --statusPort + - "15020" + - --controlPlaneAuthPolicy + - NONE + - --discoveryAddress + - istio-pilot:15010 + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_META_ROUTER_MODE + value: sni-dnat + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15020 + - containerPort: 80 + - containerPort: 443 + - containerPort: 31400 + - containerPort: 15029 + - containerPort: 15030 + - containerPort: 15031 + - containerPort: 15032 + - containerPort: 15443 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-certs + name: ingressgateway-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-ca-certs + name: ingressgateway-ca-certs + readOnly: true + serviceAccountName: istio-ingressgateway-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-ingressgateway-service-account + - name: ingressgateway-certs + secret: + optional: true + secretName: istio-ingressgateway-certs + - name: ingressgateway-ca-certs + secret: + optional: true + secretName: istio-ingressgateway-ca-certs diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml new file mode 100644 index 0000000000..3eaa8c4269 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml @@ -0,0 +1,175 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + checksum/config-volume: f8da08b6b8c170dde721efd680270b2901e750d4aa186ebb6c22bef5b78a43f9 + labels: + app: pilot + chart: pilot + heritage: Tiller + istio: pilot + release: istio + name: istio-pilot + namespace: istio-system +spec: + selector: + matchLabels: + istio: pilot + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: pilot + chart: pilot + heritage: Tiller + istio: pilot + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - discovery + - --monitoringAddr=:15014 + - --log_output_level=default:info + - --domain + - cluster.local + - --secureGrpcAddr + - "" + - --keepaliveMaxServerConnectionAge + - 30m + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: GODEBUG + value: gctrace=1 + - name: PILOT_PUSH_THROTTLE + value: "100" + - name: PILOT_TRACE_SAMPLING + value: "100" + - name: PILOT_DISABLE_XDS_MARSHALING_TO_ANY + value: "1" + image: docker.io/istio/pilot:1.1.6 + imagePullPolicy: IfNotPresent + name: discovery + ports: + - containerPort: 8080 + - containerPort: 15010 + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 30 + timeoutSeconds: 5 + resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 10m + memory: 100Mi + volumeMounts: + - mountPath: /etc/istio/config + name: config-volume + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - args: + - proxy + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --serviceCluster + - istio-pilot + - --templateFile + - /etc/istio/proxy/envoy_pilot.yaml.tmpl + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15003 + - containerPort: 15005 + - containerPort: 15007 + - containerPort: 15011 + resources: + limits: + cpu: 2000m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + serviceAccountName: istio-pilot-service-account + volumes: + - configMap: + name: istio + name: config-volume + - name: istio-certs + secret: + optional: true + secretName: istio.istio-pilot-service-account diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml new file mode 100644 index 0000000000..204884f48a --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml @@ -0,0 +1,168 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-mixer + chart: mixer + heritage: Tiller + istio: mixer + release: istio + name: istio-policy + namespace: istio-system +spec: + selector: + matchLabels: + istio: mixer + istio-mixer-type: policy + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: policy + chart: mixer + heritage: Tiller + istio: mixer + istio-mixer-type: policy + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --monitoringPort=15014 + - --address + - unix:///sock/mixer.socket + - --log_output_level=default:info + - --configStoreURL=mcp://istio-galley.istio-system.svc:9901 + - --configDefaultNamespace=istio-system + - --useAdapterCRDs=true + - --trace_zipkin_url=http://zipkin:9411/api/v1/spans + env: + - name: GODEBUG + value: gctrace=1 + - name: GOMAXPROCS + value: "6" + image: docker.io/istio/mixer:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /version + port: 15014 + initialDelaySeconds: 5 + periodSeconds: 5 + name: mixer + ports: + - containerPort: 15014 + - containerPort: 42422 + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /sock + name: uds-socket + - args: + - proxy + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --serviceCluster + - istio-policy + - --templateFile + - /etc/istio/proxy/envoy_policy.yaml.tmpl + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 9091 + - containerPort: 15004 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + resources: + limits: + cpu: 2000m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /sock + name: uds-socket + - mountPath: /var/run/secrets/istio.io/policy/adapter + name: policy-adapter-secret + readOnly: true + serviceAccountName: istio-mixer-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-mixer-service-account + - emptyDir: {} + name: uds-socket + - name: policy-adapter-secret + secret: + optional: true + secretName: policy-adapter-secret diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml new file mode 100644 index 0000000000..a7d7af79d5 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml @@ -0,0 +1,125 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --caCertFile=/etc/istio/certs/root-cert.pem + - --tlsCertFile=/etc/istio/certs/cert-chain.pem + - --tlsKeyFile=/etc/istio/certs/key.pem + - --injectConfig=/etc/istio/inject/config + - --meshConfig=/etc/istio/config/mesh + - --healthCheckInterval=2s + - --healthCheckFile=/health + image: docker.io/istio/sidecar_injector:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /usr/local/bin/sidecar-injector + - probe + - --probe-path=/health + - --interval=4s + initialDelaySeconds: 4 + periodSeconds: 4 + name: sidecar-injector-webhook + readinessProbe: + exec: + command: + - /usr/local/bin/sidecar-injector + - probe + - --probe-path=/health + - --interval=4s + initialDelaySeconds: 4 + periodSeconds: 4 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/istio/config + name: config-volume + readOnly: true + - mountPath: /etc/istio/certs + name: certs + readOnly: true + - mountPath: /etc/istio/inject + name: inject-config + readOnly: true + serviceAccountName: istio-sidecar-injector-service-account + volumes: + - configMap: + name: istio + name: config-volume + - name: certs + secret: + secretName: istio.istio-sidecar-injector-service-account + - configMap: + items: + - key: config + path: config + name: istio-sidecar-injector + name: inject-config diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml new file mode 100644 index 0000000000..e848f4ba90 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml @@ -0,0 +1,172 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-mixer + chart: mixer + heritage: Tiller + istio: mixer + release: istio + name: istio-telemetry + namespace: istio-system +spec: + selector: + matchLabels: + istio: mixer + istio-mixer-type: telemetry + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: telemetry + chart: mixer + heritage: Tiller + istio: mixer + istio-mixer-type: telemetry + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --monitoringPort=15014 + - --address + - unix:///sock/mixer.socket + - --log_output_level=default:info + - --configStoreURL=mcp://istio-galley.istio-system.svc:9901 + - --configDefaultNamespace=istio-system + - --useAdapterCRDs=true + - --trace_zipkin_url=http://zipkin:9411/api/v1/spans + - --averageLatencyThreshold + - 100ms + - --loadsheddingMode + - enforce + env: + - name: GODEBUG + value: gctrace=1 + - name: GOMAXPROCS + value: "6" + image: docker.io/istio/mixer:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /version + port: 15014 + initialDelaySeconds: 5 + periodSeconds: 5 + name: mixer + ports: + - containerPort: 15014 + - containerPort: 42422 + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 50m + memory: 100Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /var/run/secrets/istio.io/telemetry/adapter + name: telemetry-adapter-secret + readOnly: true + - mountPath: /sock + name: uds-socket + - args: + - proxy + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --serviceCluster + - istio-telemetry + - --templateFile + - /etc/istio/proxy/envoy_telemetry.yaml.tmpl + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 9091 + - containerPort: 15004 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + resources: + limits: + cpu: 2000m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /sock + name: uds-socket + serviceAccountName: istio-mixer-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-mixer-service-account + - emptyDir: {} + name: uds-socket + - name: telemetry-adapter-secret + secret: + optional: true + secretName: telemetry-adapter-secret diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-tracing.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-tracing.yaml new file mode 100644 index 0000000000..a67c51e985 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_istio-tracing.yaml @@ -0,0 +1,99 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + name: istio-tracing + namespace: istio-system +spec: + selector: + matchLabels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + template: + metadata: + annotations: + prometheus.io/path: /jaeger/metrics + prometheus.io/port: "16686" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "50000" + - name: QUERY_BASE_PATH + value: /jaeger + image: docker.io/jaegertracing/all-in-one:1.9 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: / + port: 16686 + name: jaeger + ports: + - containerPort: 9411 + - containerPort: 16686 + - containerPort: 5775 + protocol: UDP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + readinessProbe: + httpGet: + path: / + port: 16686 + resources: + requests: + cpu: 10m diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_kiali.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_kiali.yaml new file mode 100644 index 0000000000..6bbccb9b25 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_kiali.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: kiali + template: + metadata: + annotations: + prometheus.io/port: "9090" + prometheus.io/scrape: "true" + scheduler.alpha.kubernetes.io/critical-pod: "" + sidecar.istio.io/inject: "false" + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /opt/kiali/kiali + - -config + - /kiali-configuration/config.yaml + - -v + - "4" + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PROMETHEUS_SERVICE_URL + value: http://prometheus:9090 + - name: SERVER_WEB_ROOT + value: /kiali + image: docker.io/kiali/kiali:v0.16 + name: kiali + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /kiali-configuration + name: kiali-configuration + - mountPath: /kiali-secret + name: kiali-secret + serviceAccountName: kiali-service-account + volumes: + - configMap: + name: kiali + name: kiali-configuration + - name: kiali-secret + secret: + optional: true + secretName: kiali diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_prometheus.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_prometheus.yaml new file mode 100644 index 0000000000..613cd2fe17 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/apps_v1_deployment_prometheus.yaml @@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --storage.tsdb.retention=6h + - --config.file=/etc/prometheus/prometheus.yml + image: docker.io/prom/prometheus:v2.3.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + name: prometheus + ports: + - containerPort: 9090 + name: http + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/prometheus + name: config-volume + - mountPath: /etc/istio-certs + name: istio-certs + serviceAccountName: prometheus + volumes: + - configMap: + name: prometheus + name: config-volume + - name: istio-certs + secret: + defaultMode: 420 + secretName: istio.default diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-egressgateway.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-egressgateway.yaml new file mode 100644 index 0000000000..cdbeef32e3 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-egressgateway.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: egressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-egressgateway + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-egressgateway diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml new file mode 100644 index 0000000000..c5a6bdd2d8 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: ingressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-ingressgateway diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml new file mode 100644 index 0000000000..1c3bd0a78a --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + release: istio + name: istio-pilot + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-pilot diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml new file mode 100644 index 0000000000..f33a22eeca --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-policy + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-policy diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml new file mode 100644 index 0000000000..8fc6b67d67 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-telemetry + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-telemetry diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/batch_v1_job_istio-cleanup-secrets-1.1.6.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/batch_v1_job_istio-cleanup-secrets-1.1.6.yaml new file mode 100644 index 0000000000..e3cf64d5b2 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/batch_v1_job_istio-cleanup-secrets-1.1.6.yaml @@ -0,0 +1,72 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-delete + helm.sh/hook-delete-policy: hook-succeeded + helm.sh/hook-weight: "3" + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets-1.1.6 + namespace: istio-system +spec: + template: + metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /bin/bash + - -c + - | + kubectl get secret --all-namespaces | grep "istio.io/key-and-cert" | while read -r entry; do + ns=$(echo $entry | awk '{print $1}'); + name=$(echo $entry | awk '{print $2}'); + kubectl delete secret $name -n $ns; + done + image: docker.io/istio/kubectl:1.1.6 + imagePullPolicy: IfNotPresent + name: kubectl + restartPolicy: OnFailure + serviceAccountName: istio-cleanup-secrets-service-account diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/batch_v1_job_istio-grafana-post-install-1.1.6.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/batch_v1_job_istio-grafana-post-install-1.1.6.yaml new file mode 100644 index 0000000000..79d95f8258 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/batch_v1_job_istio-grafana-post-install-1.1.6.yaml @@ -0,0 +1,72 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-install + helm.sh/hook-delete-policy: hook-succeeded + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install-1.1.6 + namespace: istio-system +spec: + template: + metadata: + labels: + app: istio-grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /bin/bash + - /tmp/grafana/run.sh + - /tmp/grafana/custom-resources.yaml + image: docker.io/istio/kubectl:1.1.6 + name: kubectl + volumeMounts: + - mountPath: /tmp/grafana + name: tmp-configmap-grafana + restartPolicy: OnFailure + serviceAccountName: istio-grafana-post-install-account + volumes: + - configMap: + name: istio-grafana-custom-resources + name: tmp-configmap-grafana diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/batch_v1_job_istio-security-post-install-1.1.6.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/batch_v1_job_istio-security-post-install-1.1.6.yaml new file mode 100644 index 0000000000..f907dee1af --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/batch_v1_job_istio-security-post-install-1.1.6.yaml @@ -0,0 +1,73 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-install + helm.sh/hook-delete-policy: hook-succeeded + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install-1.1.6 + namespace: istio-system +spec: + template: + metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /bin/bash + - /tmp/security/run.sh + - /tmp/security/custom-resources.yaml + image: docker.io/istio/kubectl:1.1.6 + imagePullPolicy: IfNotPresent + name: kubectl + volumeMounts: + - mountPath: /tmp/security + name: tmp-configmap-security + restartPolicy: OnFailure + serviceAccountName: istio-security-post-install-account + volumes: + - configMap: + name: istio-security-custom-resources + name: tmp-configmap-security diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml new file mode 100644 index 0000000000..d475e6bc55 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml @@ -0,0 +1,138 @@ +apiVersion: config.istio.io/v1alpha2 +kind: attributemanifest +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istioproxy + namespace: istio-system +spec: + attributes: + api.operation: + valueType: STRING + api.protocol: + valueType: STRING + api.service: + valueType: STRING + api.version: + valueType: STRING + check.cache_hit: + valueType: BOOL + check.error_code: + valueType: INT64 + check.error_message: + valueType: STRING + connection.duration: + valueType: DURATION + connection.event: + valueType: STRING + connection.id: + valueType: STRING + connection.mtls: + valueType: BOOL + connection.received.bytes: + valueType: INT64 + connection.received.bytes_total: + valueType: INT64 + connection.requested_server_name: + valueType: STRING + connection.sent.bytes: + valueType: INT64 + connection.sent.bytes_total: + valueType: INT64 + context.protocol: + valueType: STRING + context.proxy_error_code: + valueType: STRING + context.reporter.kind: + valueType: STRING + context.reporter.local: + valueType: BOOL + context.reporter.uid: + valueType: STRING + context.time: + valueType: TIMESTAMP + context.timestamp: + valueType: TIMESTAMP + destination.port: + valueType: INT64 + destination.principal: + valueType: STRING + destination.uid: + valueType: STRING + origin.ip: + valueType: IP_ADDRESS + origin.uid: + valueType: STRING + origin.user: + valueType: STRING + quota.cache_hit: + valueType: BOOL + rbac.permissive.effective_policy_id: + valueType: STRING + rbac.permissive.response_code: + valueType: STRING + request.api_key: + valueType: STRING + request.auth.audiences: + valueType: STRING + request.auth.claims: + valueType: STRING_MAP + request.auth.presenter: + valueType: STRING + request.auth.principal: + valueType: STRING + request.auth.raw_claims: + valueType: STRING + request.headers: + valueType: STRING_MAP + request.host: + valueType: STRING + request.id: + valueType: STRING + request.method: + valueType: STRING + request.path: + valueType: STRING + request.query_params: + valueType: STRING_MAP + request.reason: + valueType: STRING + request.referer: + valueType: STRING + request.scheme: + valueType: STRING + request.size: + valueType: INT64 + request.time: + valueType: TIMESTAMP + request.total_size: + valueType: INT64 + request.url_path: + valueType: STRING + request.useragent: + valueType: STRING + response.code: + valueType: INT64 + response.duration: + valueType: DURATION + response.grpc_message: + valueType: STRING + response.grpc_status: + valueType: STRING + response.headers: + valueType: STRING_MAP + response.size: + valueType: INT64 + response.time: + valueType: TIMESTAMP + response.total_size: + valueType: INT64 + source.principal: + valueType: STRING + source.uid: + valueType: STRING + source.user: + valueType: STRING diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml new file mode 100644 index 0000000000..6b39cc0347 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml @@ -0,0 +1,64 @@ +apiVersion: config.istio.io/v1alpha2 +kind: attributemanifest +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: kubernetes + namespace: istio-system +spec: + attributes: + destination.container.name: + valueType: STRING + destination.ip: + valueType: IP_ADDRESS + destination.labels: + valueType: STRING_MAP + destination.metadata: + valueType: STRING_MAP + destination.name: + valueType: STRING + destination.namespace: + valueType: STRING + destination.owner: + valueType: STRING + destination.service.host: + valueType: STRING + destination.service.name: + valueType: STRING + destination.service.namespace: + valueType: STRING + destination.service.uid: + valueType: STRING + destination.serviceAccount: + valueType: STRING + destination.workload.name: + valueType: STRING + destination.workload.namespace: + valueType: STRING + destination.workload.uid: + valueType: STRING + source.ip: + valueType: IP_ADDRESS + source.labels: + valueType: STRING_MAP + source.metadata: + valueType: STRING_MAP + source.name: + valueType: STRING + source.namespace: + valueType: STRING + source.owner: + valueType: STRING + source.serviceAccount: + valueType: STRING + source.services: + valueType: STRING + source.workload.name: + valueType: STRING + source.workload.namespace: + valueType: STRING + source.workload.uid: + valueType: STRING diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml new file mode 100644 index 0000000000..41928afff6 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml @@ -0,0 +1,13 @@ +apiVersion: config.istio.io/v1alpha2 +kind: handler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: kubernetesenv + namespace: istio-system +spec: + compiledAdapter: kubernetesenv + params: null diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml new file mode 100644 index 0000000000..7558b99229 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml @@ -0,0 +1,216 @@ +apiVersion: config.istio.io/v1alpha2 +kind: handler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system +spec: + compiledAdapter: prometheus + params: + metrics: + - instance_name: requestcount.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: requests_total + - buckets: + explicit_buckets: + bounds: + - 0.005 + - 0.01 + - 0.025 + - 0.05 + - 0.1 + - 0.25 + - 0.5 + - 1 + - 2.5 + - 5 + - 10 + instance_name: requestduration.metric.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: request_duration_seconds + - buckets: + exponentialBuckets: + growthFactor: 10 + numFiniteBuckets: 8 + scale: 1 + instance_name: requestsize.metric.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: request_bytes + - buckets: + exponentialBuckets: + growthFactor: 10 + numFiniteBuckets: 8 + scale: 1 + instance_name: responsesize.metric.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: response_bytes + - instance_name: tcpbytesent.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_sent_bytes_total + - instance_name: tcpbytereceived.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_received_bytes_total + - instance_name: tcpconnectionsopened.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_connections_opened_total + - instance_name: tcpconnectionsclosed.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_connections_closed_total + metricsExpirationPolicy: + metricsExpiryDuration: 10m diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_stdio.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_stdio.yaml new file mode 100644 index 0000000000..2baf4e9096 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_stdio.yaml @@ -0,0 +1,14 @@ +apiVersion: config.istio.io/v1alpha2 +kind: handler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: stdio + namespace: istio-system +spec: + compiledAdapter: stdio + params: + outputAsJson: true diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_kubernetes_attributes.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_kubernetes_attributes.yaml new file mode 100644 index 0000000000..1e66576783 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_kubernetes_attributes.yaml @@ -0,0 +1,37 @@ +apiVersion: config.istio.io/v1alpha2 +kind: kubernetes +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: attributes + namespace: istio-system +spec: + attribute_bindings: + destination.container.name: $out.destination_container_name | "unknown" + destination.ip: $out.destination_pod_ip | ip("0.0.0.0") + destination.labels: $out.destination_labels | emptyStringMap() + destination.name: $out.destination_pod_name | "unknown" + destination.namespace: $out.destination_namespace | "default" + destination.owner: $out.destination_owner | "unknown" + destination.serviceAccount: $out.destination_service_account_name | "unknown" + destination.uid: $out.destination_pod_uid | "unknown" + destination.workload.name: $out.destination_workload_name | "unknown" + destination.workload.namespace: $out.destination_workload_namespace | "unknown" + destination.workload.uid: $out.destination_workload_uid | "unknown" + source.ip: $out.source_pod_ip | ip("0.0.0.0") + source.labels: $out.source_labels | emptyStringMap() + source.name: $out.source_pod_name | "unknown" + source.namespace: $out.source_namespace | "default" + source.owner: $out.source_owner | "unknown" + source.serviceAccount: $out.source_service_account_name | "unknown" + source.uid: $out.source_pod_uid | "unknown" + source.workload.name: $out.source_workload_name | "unknown" + source.workload.namespace: $out.source_workload_namespace | "unknown" + source.workload.uid: $out.source_workload_uid | "unknown" + destination_port: destination.port | 0 + destination_uid: destination.uid | "" + source_ip: source.ip | ip("0.0.0.0") + source_uid: source.uid | "" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_accesslog.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_accesslog.yaml new file mode 100644 index 0000000000..c4098d4e17 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_accesslog.yaml @@ -0,0 +1,58 @@ +apiVersion: config.istio.io/v1alpha2 +kind: logentry +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: accesslog + namespace: istio-system +spec: + monitored_resource_type: '"global"' + severity: '"Info"' + timestamp: request.time + variables: + apiClaims: request.auth.raw_claims | "" + apiKey: request.api_key | request.headers["x-api-key"] | "" + clientTraceId: request.headers["x-client-trace-id"] | "" + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destinationApp: destination.labels["app"] | "" + destinationIp: destination.ip | ip("0.0.0.0") + destinationName: destination.name | "" + destinationNamespace: destination.namespace | "" + destinationOwner: destination.owner | "" + destinationPrincipal: destination.principal | "" + destinationServiceHost: destination.service.host | "" + destinationWorkload: destination.workload.name | "" + grpcMessage: response.grpc_message | "" + grpcStatus: response.grpc_status | "" + httpAuthority: request.headers[":authority"] | request.host | "" + latency: response.duration | "0ms" + method: request.method | "" + permissiveResponseCode: rbac.permissive.response_code | "none" + permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" + protocol: request.scheme | context.protocol | "http" + receivedBytes: request.total_size | 0 + referer: request.referer | "" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + requestId: request.headers["x-request-id"] | "" + requestSize: request.size | 0 + requestedServerName: connection.requested_server_name | "" + responseCode: response.code | 0 + responseFlags: context.proxy_error_code | "" + responseSize: response.size | 0 + responseTimestamp: response.time + sentBytes: response.total_size | 0 + sourceApp: source.labels["app"] | "" + sourceIp: source.ip | ip("0.0.0.0") + sourceName: source.name | "" + sourceNamespace: source.namespace | "" + sourceOwner: source.owner | "" + sourcePrincipal: source.principal | "" + sourceWorkload: source.workload.name | "" + url: request.path | "" + userAgent: request.useragent | "" + xForwardedFor: request.headers["x-forwarded-for"] | "0.0.0.0" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_tcpaccesslog.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_tcpaccesslog.yaml new file mode 100644 index 0000000000..797b01697d --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_tcpaccesslog.yaml @@ -0,0 +1,43 @@ +apiVersion: config.istio.io/v1alpha2 +kind: logentry +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpaccesslog + namespace: istio-system +spec: + monitored_resource_type: '"global"' + severity: '"Info"' + timestamp: context.time | timestamp("2017-01-01T00:00:00Z") + variables: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + connectionDuration: connection.duration | "0ms" + connectionEvent: connection.event | "" + destinationApp: destination.labels["app"] | "" + destinationIp: destination.ip | ip("0.0.0.0") + destinationName: destination.name | "" + destinationNamespace: destination.namespace | "" + destinationOwner: destination.owner | "" + destinationPrincipal: destination.principal | "" + destinationServiceHost: destination.service.host | "" + destinationWorkload: destination.workload.name | "" + protocol: context.protocol | "tcp" + receivedBytes: connection.received.bytes | 0 + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + requestedServerName: connection.requested_server_name | "" + responseFlags: context.proxy_error_code | "" + sentBytes: connection.sent.bytes | 0 + sourceApp: source.labels["app"] | "" + sourceIp: source.ip | ip("0.0.0.0") + sourceName: source.name | "" + sourceNamespace: source.namespace | "" + sourceOwner: source.owner | "" + sourcePrincipal: source.principal | "" + sourceWorkload: source.workload.name | "" + totalReceivedBytes: connection.received.bytes_total | 0 + totalSentBytes: connection.sent.bytes_total | 0 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestcount.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestcount.yaml new file mode 100644 index 0000000000..5aa199b236 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestcount.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: requestcount + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: "1" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestduration.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestduration.yaml new file mode 100644 index 0000000000..914e4d4b5a --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestduration.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: requestduration + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: response.duration | "0ms" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestsize.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestsize.yaml new file mode 100644 index 0000000000..155343600d --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestsize.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: requestsize + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: request.size | 0 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_responsesize.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_responsesize.yaml new file mode 100644 index 0000000000..d3aafb93c3 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_responsesize.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: responsesize + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: response.size | 0 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytereceived.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytereceived.yaml new file mode 100644 index 0000000000..33e8f468b9 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytereceived.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpbytereceived + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: connection.received.bytes | 0 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytesent.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytesent.yaml new file mode 100644 index 0000000000..39df34138c --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytesent.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpbytesent + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: connection.sent.bytes | 0 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsclosed.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsclosed.yaml new file mode 100644 index 0000000000..f2b80ce1d8 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsclosed.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpconnectionsclosed + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.name | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: "1" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsopened.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsopened.yaml new file mode 100644 index 0000000000..68dbbf0c9c --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsopened.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpconnectionsopened + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.name | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: "1" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml new file mode 100644 index 0000000000..16f89c981d --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml @@ -0,0 +1,15 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: kubeattrgenrulerule + namespace: istio-system +spec: + actions: + - handler: kubernetesenv + instances: + - attributes.kubernetes diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml new file mode 100644 index 0000000000..6ba4b19caa --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml @@ -0,0 +1,20 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: promhttp + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - requestcount.metric + - requestduration.metric + - requestsize.metric + - responsesize.metric + match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent + | "-"), "kube-probe*") == false) diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml new file mode 100644 index 0000000000..74466f18be --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml @@ -0,0 +1,17 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: promtcp + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - tcpbytesent.metric + - tcpbytereceived.metric + match: context.protocol == "tcp" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml new file mode 100644 index 0000000000..4414aa902c --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: promtcpconnectionclosed + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - tcpconnectionsclosed.metric + match: context.protocol == "tcp" && ((connection.event | "na") == "close") diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml new file mode 100644 index 0000000000..5d119b596e --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: promtcpconnectionopen + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - tcpconnectionsopened.metric + match: context.protocol == "tcp" && ((connection.event | "na") == "open") diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdio.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdio.yaml new file mode 100644 index 0000000000..2d272125d1 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdio.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: stdio + namespace: istio-system +spec: + actions: + - handler: stdio + instances: + - accesslog.logentry + match: context.protocol == "http" || context.protocol == "grpc" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdiotcp.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdiotcp.yaml new file mode 100644 index 0000000000..339c38a2bd --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdiotcp.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: stdiotcp + namespace: istio-system +spec: + actions: + - handler: stdio + instances: + - tcpaccesslog.logentry + match: context.protocol == "tcp" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml new file mode 100644 index 0000000000..7e713777c2 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpkubeattrgenrulerule + namespace: istio-system +spec: + actions: + - handler: kubernetesenv + instances: + - attributes.kubernetes + match: context.protocol == "tcp" diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml new file mode 100644 index 0000000000..4bc62dd7f8 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-policy + namespace: istio-system +spec: + host: istio-policy.istio-system.svc.cluster.local + trafficPolicy: + connectionPool: + http: + http2MaxRequests: 10000 + maxRequestsPerConnection: 10000 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml new file mode 100644 index 0000000000..97db246c89 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-telemetry + namespace: istio-system +spec: + host: istio-telemetry.istio-system.svc.cluster.local + trafficPolicy: + connectionPool: + http: + http2MaxRequests: 10000 + maxRequestsPerConnection: 10000 diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-egressgateway.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-egressgateway.yaml new file mode 100644 index 0000000000..a1c5f6ab12 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-egressgateway.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + name: istio-egressgateway + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: istio-egressgateway + istio: egressgateway + release: istio diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml new file mode 100644 index 0000000000..9a384b903b --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + name: istio-galley + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: galley + istio: galley + release: istio diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml new file mode 100644 index 0000000000..579d4ec2e0 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: istio-ingressgateway + istio: ingressgateway + release: istio diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml new file mode 100644 index 0000000000..73bd8933ad --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + istio: pilot + release: istio + name: istio-pilot + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: pilot + istio: pilot + release: istio diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml new file mode 100644 index 0000000000..5ac4f6464a --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml @@ -0,0 +1,21 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: policy + chart: mixer + heritage: Tiller + istio: mixer + istio-mixer-type: policy + release: istio + version: 1.1.0 + name: istio-policy + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: policy + istio: mixer + istio-mixer-type: policy + release: istio diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml new file mode 100644 index 0000000000..ee5c3a1dee --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml @@ -0,0 +1,21 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: telemetry + chart: mixer + heritage: Tiller + istio: mixer + istio-mixer-type: telemetry + release: istio + version: 1.1.0 + name: istio-telemetry + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: telemetry + istio: mixer + istio-mixer-type: telemetry + release: istio diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml new file mode 100644 index 0000000000..cb57ab8639 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml @@ -0,0 +1,44 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-citadel-istio-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - watch + - list + - update + - delete +- apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - get + - watch + - list +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-cleanup-secrets-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-cleanup-secrets-istio-system.yaml new file mode 100644 index 0000000000..b31002df62 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-cleanup-secrets-istio-system.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: post-delete + helm.sh/hook-delete-policy: hook-succeeded + helm.sh/hook-weight: "1" + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets-istio-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - delete diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-egressgateway-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-egressgateway-istio-system.yaml new file mode 100644 index 0000000000..14745dd1b5 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-egressgateway-istio-system.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: egressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-egressgateway-istio-system +rules: +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - destinationrules + - gateways + verbs: + - get + - watch + - list + - update diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml new file mode 100644 index 0000000000..31cd021e86 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml @@ -0,0 +1,85 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + release: istio + name: istio-galley-istio-system +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resourceNames: + - istio-galley + resources: + - deployments + verbs: + - get +- apiGroups: + - "" + resources: + - pods + - nodes + - services + - endpoints + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resourceNames: + - istio-galley + resources: + - deployments/finalizers + verbs: + - update diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-grafana-post-install-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-grafana-post-install-istio-system.yaml new file mode 100644 index 0000000000..f38f3710ac --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-grafana-post-install-istio-system.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install-istio-system +rules: +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-ingressgateway-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-ingressgateway-istio-system.yaml new file mode 100644 index 0000000000..ce57730853 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-ingressgateway-istio-system.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ingressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-ingressgateway-istio-system +rules: +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - destinationrules + - gateways + verbs: + - get + - watch + - list + - update diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml new file mode 100644 index 0000000000..4c406989f2 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml @@ -0,0 +1,51 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-mixer-istio-system +rules: +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - create + - get + - list + - watch + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - pods + - services + - namespaces + - secrets + - replicationcontrollers + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resources: + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml new file mode 100644 index 0000000000..fbf58bcdd1 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml @@ -0,0 +1,73 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + release: istio + name: istio-pilot-istio-system +rules: +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - get + - watch + - list +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingresses/status + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - watch + - update +- apiGroups: + - "" + resources: + - endpoints + - pods + - services + - namespaces + - nodes + - secrets + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml new file mode 100644 index 0000000000..40b0dd6c47 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-reader +rules: +- apiGroups: + - "" + resources: + - nodes + - pods + - services + - endpoints + - replicationcontrollers + verbs: + - get + - watch + - list +- apiGroups: + - extensions + - apps + resources: + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml new file mode 100644 index 0000000000..06d72de038 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector-istio-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - patch diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali-viewer.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali-viewer.yaml new file mode 100644 index 0000000000..a00bd03674 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali-viewer.yaml @@ -0,0 +1,124 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali-viewer +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - services + - replicationcontrollers + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + resources: + - apikeys + - authorizations + - checknothings + - circonuses + - deniers + - fluentds + - handlers + - kubernetesenvs + - kuberneteses + - listcheckers + - listentries + - logentries + - memquotas + - metrics + - opas + - prometheuses + - quotas + - quotaspecbindings + - quotaspecs + - rbacs + - reportnothings + - rules + - servicecontrolreports + - servicecontrols + - solarwindses + - stackdrivers + - statsds + - stdios + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + resources: + - destinationrules + - gateways + - serviceentries + - virtualservices + verbs: + - get + - list + - watch +- apiGroups: + - authentication.istio.io + resources: + - policies + - meshpolicies + verbs: + - get + - list + - watch +- apiGroups: + - rbac.istio.io + resources: + - clusterrbacconfigs + - rbacconfigs + - serviceroles + - servicerolebindings + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.kiali.io + resources: + - monitoringdashboards + verbs: + - get diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali.yaml new file mode 100644 index 0000000000..de91e8f85c --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali.yaml @@ -0,0 +1,134 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - services + - replicationcontrollers + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + resources: + - apikeys + - authorizations + - checknothings + - circonuses + - deniers + - fluentds + - handlers + - kubernetesenvs + - kuberneteses + - listcheckers + - listentries + - logentries + - memquotas + - metrics + - opas + - prometheuses + - quotas + - quotaspecbindings + - quotaspecs + - rbacs + - reportnothings + - rules + - solarwindses + - stackdrivers + - statsds + - stdios + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + resources: + - destinationrules + - gateways + - serviceentries + - virtualservices + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - authentication.istio.io + resources: + - policies + - meshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - rbac.istio.io + resources: + - clusterrbacconfigs + - rbacconfigs + - serviceroles + - servicerolebindings + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - monitoring.kiali.io + resources: + - monitoringdashboards + verbs: + - get diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml new file mode 100644 index 0000000000..4e42dfb6a6 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus-istio-system +rules: +- apiGroups: + - "" + resources: + - nodes + - services + - endpoints + - pods + - nodes/proxy + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml new file mode 100644 index 0000000000..28ac035ab6 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-citadel-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-citadel-istio-system +subjects: +- kind: ServiceAccount + name: istio-citadel-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-cleanup-secrets-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-cleanup-secrets-istio-system.yaml new file mode 100644 index 0000000000..fcc37b18d8 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-cleanup-secrets-istio-system.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + helm.sh/hook: post-delete + helm.sh/hook-delete-policy: hook-succeeded + helm.sh/hook-weight: "2" + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-cleanup-secrets-istio-system +subjects: +- kind: ServiceAccount + name: istio-cleanup-secrets-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-egressgateway-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-egressgateway-istio-system.yaml new file mode 100644 index 0000000000..291dd013b8 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-egressgateway-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: egressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-egressgateway-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-egressgateway-istio-system +subjects: +- kind: ServiceAccount + name: istio-egressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml new file mode 100644 index 0000000000..9c2ca1a82c --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + release: istio + name: istio-galley-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-galley-istio-system +subjects: +- kind: ServiceAccount + name: istio-galley-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-grafana-post-install-role-binding-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-grafana-post-install-role-binding-istio-system.yaml new file mode 100644 index 0000000000..473c34c42b --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-grafana-post-install-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-grafana-post-install-istio-system +subjects: +- kind: ServiceAccount + name: istio-grafana-post-install-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-ingressgateway-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-ingressgateway-istio-system.yaml new file mode 100644 index 0000000000..c4b2804104 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-ingressgateway-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: ingressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-ingressgateway-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-ingressgateway-istio-system +subjects: +- kind: ServiceAccount + name: istio-ingressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-kiali-admin-role-binding-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-kiali-admin-role-binding-istio-system.yaml new file mode 100644 index 0000000000..d1db23758b --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-kiali-admin-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: istio-kiali-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kiali +subjects: +- kind: ServiceAccount + name: kiali-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml new file mode 100644 index 0000000000..8c801ce56f --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-mixer-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-mixer-istio-system +subjects: +- kind: ServiceAccount + name: istio-mixer-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml new file mode 100644 index 0000000000..b7cccaacb3 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + chart: istio-1.1.0 + name: istio-multi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-reader +subjects: +- kind: ServiceAccount + name: istio-multi + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml new file mode 100644 index 0000000000..fc78ced111 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + release: istio + name: istio-pilot-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-pilot-istio-system +subjects: +- kind: ServiceAccount + name: istio-pilot-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml new file mode 100644 index 0000000000..fc5d7a83d6 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-sidecar-injector-istio-system +subjects: +- kind: ServiceAccount + name: istio-sidecar-injector-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml new file mode 100644 index 0000000000..455f52e864 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus-istio-system +subjects: +- kind: ServiceAccount + name: prometheus + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml new file mode 100644 index 0000000000..9078948664 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-ingressgateway-sds + namespace: istio-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml new file mode 100644 index 0000000000..2b7f198468 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-ingressgateway-sds + namespace: istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-ingressgateway-sds +subjects: +- kind: ServiceAccount + name: istio-ingressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml new file mode 100644 index 0000000000..57718cea6d --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install-istio-system +rules: +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get +- apiGroups: + - extensions + - apps + resources: + - deployments + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml new file mode 100644 index 0000000000..725830af27 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-security-post-install-istio-system +subjects: +- kind: ServiceAccount + name: istio-security-post-install-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/route.openshift.io_v1_route_istio-ingressgateway.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/route.openshift.io_v1_route_istio-ingressgateway.yaml new file mode 100644 index 0000000000..9f021fb1e7 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/route.openshift.io_v1_route_istio-ingressgateway.yaml @@ -0,0 +1,17 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + labels: + app: istio-ingressgateway + istio: ingressgateway + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + port: + targetPort: http2 + to: + kind: Service + name: istio-ingressgateway + weight: 100 + wildcardPolicy: None diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml new file mode 100644 index 0000000000..cc77485872 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml @@ -0,0 +1,123 @@ +apiVersion: v1 +data: + validatingwebhookconfiguration.yaml: |- + apiVersion: admissionregistration.k8s.io/v1beta1 + kind: ValidatingWebhookConfiguration + metadata: + name: istio-galley + namespace: istio-system + labels: + app: galley + chart: galley + heritage: Tiller + release: istio + istio: galley + webhooks: + - name: pilot.validation.istio.io + clientConfig: + service: + name: istio-galley + namespace: istio-system + path: "/admitpilot" + caBundle: "" + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - config.istio.io + apiVersions: + - v1alpha2 + resources: + - httpapispecs + - httpapispecbindings + - quotaspecs + - quotaspecbindings + - operations: + - CREATE + - UPDATE + apiGroups: + - rbac.istio.io + apiVersions: + - "*" + resources: + - "*" + - operations: + - CREATE + - UPDATE + apiGroups: + - authentication.istio.io + apiVersions: + - "*" + resources: + - "*" + - operations: + - CREATE + - UPDATE + apiGroups: + - networking.istio.io + apiVersions: + - "*" + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + failurePolicy: Fail + - name: mixer.validation.istio.io + clientConfig: + service: + name: istio-galley + namespace: istio-system + path: "/admitmixer" + caBundle: "" + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - config.istio.io + apiVersions: + - v1alpha2 + resources: + - rules + - attributemanifests + - circonuses + - deniers + - fluentds + - kubernetesenvs + - listcheckers + - memquotas + - noops + - opas + - prometheuses + - rbacs + - solarwindses + - stackdrivers + - cloudwatches + - dogstatsds + - statsds + - stdios + - apikeys + - authorizations + - checknothings + # - kuberneteses + - listentries + - logentries + - metrics + - quotas + - reportnothings + - tracespans + failurePolicy: Fail +kind: ConfigMap +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + name: istio-galley-configuration + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-galley-dashboard.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-galley-dashboard.yaml new file mode 100644 index 0000000000..c7b460e359 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-galley-dashboard.yaml @@ -0,0 +1,341 @@ +apiVersion: v1 +data: + galley-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": "Prometheus", + "description": "", "type": "datasource", "pluginId": "prometheus", "pluginName": + "Prometheus" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- + Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, + "gnetId": null, "graphTooltip": 0, "links": [], "panels": [ { "aliasColors": {}, + "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 5, "w": 24, "x": 0, "y": 0 }, "id": 46, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(istio_build{component=\"galley\"}) by (tag)", "format": + "time_series", "intervalFactor": 1, "legendFormat": "{{ tag }}", "refId": "A" + } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Galley Versions", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": + 24, "x": 0, "y": 5 }, "id": 40, "panels": [], "title": "Resource Usage", "type": + "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 6, "x": 0, "y": + 6 }, "id": 36, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "process_virtual_memory_bytes{job=\"galley\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Virtual Memory", + "refId": "A" }, { "expr": "process_resident_memory_bytes{job=\"galley\"}", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Resident Memory", "refId": + "B" }, { "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", "format": "time_series", + "intervalFactor": 2, "legendFormat": "heap sys", "refId": "C" }, { "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "heap alloc", "refId": + "D" }, { "expr": "go_memstats_alloc_bytes{job=\"galley\"}", "format": "time_series", + "intervalFactor": 2, "legendFormat": "Alloc", "refId": "F" }, { "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Heap in-use", "refId": + "G" }, { "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", "format": "time_series", + "intervalFactor": 2, "legendFormat": "Stack in-use", "refId": "H" }, { "expr": + "sum(container_memory_usage_bytes{container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Total (kis)", "refId": + "E" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 8, "w": 6, "x": 6, "y": 6 }, "id": 38, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(rate(container_cpu_usage_seconds_total{container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": + "A" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{container_name=~\"galley\", + pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", "format": "time_series", + "intervalFactor": 2, "legendFormat": "{{ container_name }} (k8s)", "refId": "B" + }, { "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", "format": + "time_series", "intervalFactor": 2, "legendFormat": "galley (self-reported)", + "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 8, "w": 6, "x": 12, "y": 6 }, "id": 42, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "process_open_fds{job=\"galley\"}", "format": "time_series", "intervalFactor": + 2, "legendFormat": "Open FDs (galley)", "refId": "A" }, { "expr": "container_fs_usage_bytes{container_name=~\"galley\", + pod_name=~\"istio-galley-.*\"}", "format": "time_series", "intervalFactor": 2, + "legendFormat": "{{ container_name }} ", "refId": "B" } ], "thresholds": [], "timeFrom": + null, "timeRegions": [], "timeShift": null, "title": "Disk", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { + "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": + "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 6, "x": 18, "y": 6 }, "id": + 44, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "go_goroutines{job=\"galley\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "goroutines_total", + "refId": "A" }, { "expr": "galley_mcp_source_clients_total", "format": "time_series", + "intervalFactor": 1, "legendFormat": "clients_total", "refId": "B" }, { "expr": + "go_goroutines{job=\"galley\"}/galley_mcp_source_clients_total", "format": "time_series", + "intervalFactor": 1, "legendFormat": "avg_goroutines_per_client", "refId": "C" + } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": + 24, "x": 0, "y": 14 }, "id": 10, "panels": [], "title": "Runtime", "type": "row" + }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": + "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 15 }, "id": + 2, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Strategy + Change Events", "refId": "A" }, { "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Processed + Events", "refId": "B" }, { "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Snapshot + Published", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": + [], "timeShift": null, "title": "Event Rates", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "short", "label": "Events/min", "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": "", "logBase": 1, "max": null, "min": null, + "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 15 }, "id": 4, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Max Time + Reached", "refId": "A" }, { "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Quiesce + Reached", "refId": "B" }, { "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Timer Resets", + "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Timer Rates", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Events/min", + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 16, "y": 15 }, "id": 8, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 3, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": true, "steppedLine": false, "targets": [ { "expr": + "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "P50", "refId": + "A" }, { "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "P90", "refId": + "B" }, { "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "P95", "refId": + "C" }, { "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "P99", "refId": + "D" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Events Per Snapshot", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 8, "y": 21 }, "id": 6, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum by (typeURL) (galley_runtime_state_type_instances_total)", "format": "time_series", + "intervalFactor": 1, "legendFormat": "{{ typeURL }}", "refId": "A" } ], "thresholds": + [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "State Type + Instances", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Count", + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": + 24, "x": 0, "y": 27 }, "id": 34, "panels": [], "title": "Validation", "type": + "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": + 28 }, "id": 28, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "galley_validation_cert_key_updates{job=\"galley\"}", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Key Updates", "refId": + "A" }, { "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Key Update Errors: {{ error + }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], + "timeShift": null, "title": "Validation Webhook Certificate", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 28 }, "id": 30, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, + version, resource)", "format": "time_series", "intervalFactor": 1, "legendFormat": + "Passed: {{ group }}/{{ version }}/{{resource}}", "refId": "A" }, { "expr": "sum(galley_validation_failed{job=\"galley\"}) + by (group, version, resource, reason)", "format": "time_series", "intervalFactor": + 1, "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", + "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Resource Validation", "tooltip": { "shared": true, "sort": 0, + "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": + "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", + "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": + "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } + ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": + false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": + 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 28 }, "id": 32, "legend": { "avg": + false, "current": false, "max": false, "min": false, "show": true, "total": false, + "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", + "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ status }}", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Validation HTTP Errors", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, + { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, + "gridPos": { "h": 1, "w": 24, "x": 0, "y": 34 }, "id": 12, "panels": [], "title": + "Kubernetes Source", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 0, "y": 35 }, "id": 14, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "rate(galley_source_kube_event_success_total[1m]) * 60", "format": "time_series", + "intervalFactor": 1, "legendFormat": "Success", "refId": "A" }, { "expr": "rate(galley_source_kube_event_error_total[1m]) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Error", + "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Source Event Rate", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Events/min", + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 8, "y": 35 }, "id": 16, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "rate(galley_source_kube_dynamic_converter_success_total[1m]) * 60", "format": + "time_series", "intervalFactor": 1, "legendFormat": "{apiVersion=\"{{apiVersion}}\",group=\"{{group}}\",kind=\"{{kind}}\"}", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Kubernetes Object Conversion Successes", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": "Conversions/min", "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": + 35 }, "id": 24, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Error", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Kubernetes Object Conversion Failures", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": "Failures/min", "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 41 + }, "id": 18, "panels": [], "title": "Mesh Configuration Protocol", "type": "row" + }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": + "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 42 }, "id": + 20, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "sum(galley_mcp_source_clients_total)", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Clients", "refId": + "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Connected Clients", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 8, "y": 42 }, "id": 22, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum by(collection)(irate(galley_mcp_source_request_acks_total[1m]) * 60)", "format": + "time_series", "intervalFactor": 1, "legendFormat": "", "refId": "A" } ], "thresholds": + [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Request + ACKs", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": + "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, + "values": [] }, "yaxes": [ { "format": "short", "label": "ACKs/min", "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 16, "y": 42 }, "id": 26, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "rate(galley_mcp_source_request_nacks_total[1m]) * 60", "format": "time_series", + "intervalFactor": 1, "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": + [], "timeShift": null, "title": "Request NACKs", "tooltip": { "shared": true, + "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": "NACKs/min", "logBase": 1, "max": null, "min": null, + "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, + "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } + } ], "refresh": "5s", "schemaVersion": 16, "style": "dark", "tags": [], "templating": + { "list": [] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": + [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": + [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", + "title": "Istio Galley Dashboard", "uid": "TSEY6jLmk", "version": 1 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-galley-dashboard + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-mesh-dashboard.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-mesh-dashboard.yaml new file mode 100644 index 0000000000..8be80d7176 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-mesh-dashboard.yaml @@ -0,0 +1,229 @@ +apiVersion: v1 +data: + istio-mesh-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": + "Prometheus", "description": "", "type": "datasource", "pluginId": "prometheus", + "pluginName": "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", + "name": "Grafana", "version": "5.2.3" }, { "type": "panel", "id": "graph", "name": + "Graph", "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": + "Prometheus", "version": "5.0.0" }, { "type": "panel", "id": "singlestat", "name": + "Singlestat", "version": "5.0.0" }, { "type": "panel", "id": "table", "name": + "Table", "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", + "version": "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": + "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, + 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, + "gnetId": null, "graphTooltip": 0, "id": null, "links": [], "panels": [ { "content": + "
\n
\n Istio\n
\n
\n Istio + is an open platform + that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the + Istio community.\n
\n
", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "height": "50px", "id": 13, "links": + [], "mode": "html", "style": { "font-size": "18pt" }, "title": "", "transparent": + true, "type": "text" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": + false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, + 172, 45, 0.97)" ], "datasource": "Prometheus", "format": "ops", "gauge": { "maxValue": + 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": + true }, "gridPos": { "h": 3, "w": 6, "x": 0, "y": 3 }, "id": 20, "interval": null, + "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": + 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": + "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": + "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": + "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, + "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": + [ { "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), + 0.001)", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": "", "title": + "Global Request Volume", "transparent": false, "type": "singlestat", "valueFontSize": + "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": + "avg" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, + "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, + 45, 0.97)" ], "datasource": "Prometheus", "format": "percentunit", "gauge": { + "maxValue": 100, "minValue": 80, "show": false, "thresholdLabels": false, "thresholdMarkers": + false }, "gridPos": { "h": 3, "w": 6, "x": 6, "y": 3 }, "id": 21, "interval": + null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", + "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, + "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": + "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", + "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, + 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": + "", "targets": [ { "expr": "sum(rate(istio_requests_total{reporter=\"destination\", + response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": + "95, 99, 99.5", "title": "Global Success Rate (non-5xx responses)", "transparent": + false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", + "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, + "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, + 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": + "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": + false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": + 3, "w": 6, "x": 12, "y": 3 }, "id": 22, "interval": null, "links": [], "mappingType": + 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range + to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", + "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": + "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": + { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, + 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", + response_code=~\"4.*\"}[1m])) ", "format": "time_series", "intervalFactor": 1, + "refId": "A", "step": 4 } ], "thresholds": "", "title": "4xxs", "transparent": + false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", + "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, + "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, + 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": + "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": + false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": + 3, "w": 6, "x": 18, "y": 3 }, "id": 23, "interval": null, "links": [], "mappingType": + 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range + to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", + "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": + "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": + { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, + 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", + response_code=~\"5.*\"}[1m])) ", "format": "time_series", "intervalFactor": 1, + "refId": "A", "step": 4 } ], "thresholds": "", "title": "5xxs", "transparent": + false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", + "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "columns": [], "datasource": + "Prometheus", "fontSize": "100%", "gridPos": { "h": 21, "w": 24, "x": 0, "y": + 6 }, "hideTimeOverride": false, "id": 73, "links": [], "pageSize": null, "repeat": + null, "repeatDirection": "v", "scroll": true, "showHeader": true, "sort": { "col": + 4, "desc": true }, "styles": [ { "alias": "Workload", "colorMode": null, "colors": + [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" + ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": false, "linkTargetBlank": + false, "linkTooltip": "Workload dashboard", "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", + "pattern": "destination_workload", "preserveFormat": false, "sanitize": false, + "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "", "colorMode": + null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, + 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": + "Time", "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "Requests", + "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": + 2, "pattern": "Value #A", "thresholds": [], "type": "number", "unit": "ops" }, + { "alias": "P50 Latency", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD + HH:mm:ss", "decimals": 2, "pattern": "Value #B", "thresholds": [], "type": "number", + "unit": "s" }, { "alias": "P90 Latency", "colorMode": null, "colors": [ "rgba(245, + 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": + "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #D", "thresholds": [], + "type": "number", "unit": "s" }, { "alias": "P99 Latency", "colorMode": null, + "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, + 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value + #E", "thresholds": [], "type": "number", "unit": "s" }, { "alias": "Success Rate", + "colorMode": "cell", "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, + 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": + 2, "pattern": "Value #F", "thresholds": [ ".95", " 1.00" ], "type": "number", + "unit": "percentunit" }, { "alias": "Workload", "colorMode": null, "colors": [ + "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" + ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, "linkTooltip": + "$__cell dashboard", "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", + "pattern": "destination_workload_var", "thresholds": [], "type": "number", "unit": + "short" }, { "alias": "Service", "colorMode": null, "colors": [ "rgba(245, 54, + 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": + "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, "linkTooltip": "$__cell dashboard", + "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", "pattern": + "destination_service", "thresholds": [], "type": "string", "unit": "short" }, + { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, + 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, "pattern": "destination_workload_namespace", "thresholds": [], + "type": "hidden", "unit": "short" } ], "targets": [ { "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", + response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, + destination_service), \"destination_workload_var\", \".\", \"destination_workload\", + \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": + true, "intervalFactor": 1, "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace + }}", "refId": "A" }, { "expr": "label_join(histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) + by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", + \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": + "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload}}.{{ destination_workload_namespace }}", "refId": "B" + }, { "expr": "label_join(histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) + by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", + \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": + "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload }}.{{ destination_workload_namespace }}", "refId": "D" + }, { "expr": "label_join(histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) + by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", + \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": + "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload }}.{{ destination_workload_namespace }}", "refId": "E" + }, { "expr": "label_join((sum(rate(istio_requests_total{reporter=\"destination\", + response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) + / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, + destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", + \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": + true, "interval": "", "intervalFactor": 1, "legendFormat": "{{ destination_workload + }}.{{ destination_workload_namespace }}", "refId": "F" } ], "timeFrom": null, + "title": "HTTP/GRPC Workloads", "transform": "table", "transparent": false, "type": + "table" }, { "columns": [], "datasource": "Prometheus", "fontSize": "100%", "gridPos": + { "h": 18, "w": 24, "x": 0, "y": 27 }, "hideTimeOverride": false, "id": 109, "links": + [], "pageSize": null, "repeatDirection": "v", "scroll": true, "showHeader": true, + "sort": { "col": 2, "desc": true }, "styles": [ { "alias": "Workload", "colorMode": + null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, + 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": + false, "linkTargetBlank": false, "linkTooltip": "$__cell dashboard", "linkUrl": + "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", + "pattern": "destination_workload", "preserveFormat": false, "sanitize": false, + "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "Bytes Sent", + "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": + 2, "pattern": "Value #A", "thresholds": [ "" ], "type": "number", "unit": "Bps" + }, { "alias": "Bytes Received", "colorMode": null, "colors": [ "rgba(245, 54, + 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": + "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #C", "thresholds": [], + "type": "number", "unit": "Bps" }, { "alias": "", "colorMode": null, "colors": + [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" + ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Time", "thresholds": + [], "type": "hidden", "unit": "short" }, { "alias": "Workload", "colorMode": null, + "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, + 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, + "linkTooltip": "$__cell dashboard", "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", + "pattern": "destination_workload_var", "thresholds": [], "type": "string", "unit": + "short" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD + HH:mm:ss", "decimals": 2, "pattern": "destination_workload_namespace", "thresholds": + [], "type": "hidden", "unit": "short" }, { "alias": "Service", "colorMode": null, + "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, + 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, + "linkTooltip": "$__cell dashboard", "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", + "pattern": "destination_service", "thresholds": [], "type": "number", "unit": + "short" } ], "targets": [ { "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) + by (destination_workload, destination_workload_namespace, destination_service), + \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", + "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload }}", "refId": "C" }, { "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) + by (destination_workload, destination_workload_namespace, destination_service), + \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", + "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload }}", "refId": "A" } ], "timeFrom": null, "title": "TCP + Workloads", "transform": "table", "transparent": false, "type": "table" }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 45 }, "id": 111, "legend": + { "alignAsTable": false, "avg": false, "current": false, "max": false, "min": + false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(istio_build) by (component, tag)", "format": "time_series", "intervalFactor": + 1, "legendFormat": "{{ component }}: {{ tag }}", "refId": "A" } ], "thresholds": + [], "timeFrom": null, "timeShift": null, "title": "Istio Components by Version", + "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "transparent": + false, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } } ], "refresh": "5s", "schemaVersion": 16, "style": + "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-5m", + "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", + "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", + "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "browser", "title": "Istio Mesh + Dashboard", "version": 4 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-istio-mesh-dashboard + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-performance-dashboard.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-performance-dashboard.yaml new file mode 100644 index 0000000000..0d56502d7a --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-performance-dashboard.yaml @@ -0,0 +1,150 @@ +apiVersion: v1 +data: + istio-performance-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": + "Prometheus", "description": "", "type": "datasource", "pluginId": "prometheus", + "pluginName": "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", + "name": "Grafana", "version": "5.2.3" }, { "type": "panel", "id": "graph", "name": + "Graph", "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": + "Prometheus", "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", + "version": "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": + "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, + 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, + "gnetId": null, "graphTooltip": 0, "id": null, "links": [], "panels": [ { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 0 }, "id": 2, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "(sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ + (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry", + "refId": "A" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) + / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", + reporter=\"source\"}[1m])), 0.001)/1000)", "format": "time_series", "intervalFactor": + 1, "legendFormat": "istio-ingressgateway", "refId": "B" }, { "expr": "(sum(rate(container_cpu_usage_seconds_total{namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ + (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-proxy", + "refId": "C" }, { "expr": "(sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ + (round(sum(irate(istio_requests_total[1m])), 0.001)/1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy", + "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "vCPU / 1k rps", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 9, "w": 12, "x": 12, "y": 0 }, "id": 6, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry", + "refId": "A" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-ingressgateway", + "refId": "B" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-proxy", "refId": + "C" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy", + "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "vCPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, + "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": + true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 9, "w": 12, "x": 0, "y": 9 }, "id": 4, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "(sum(container_memory_usage_bytes{pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) + / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry + / 1k rps", "refId": "A" }, { "expr": "sum(container_memory_usage_bytes{pod_name=~\"istio-ingressgateway-.*\"}) + / count(container_memory_usage_bytes{pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", + "format": "time_series", "intervalFactor": 1, "legendFormat": "per istio-ingressgateway", + "refId": "C" }, { "expr": "sum(container_memory_usage_bytes{namespace!=\"istio-system\",container_name=\"istio-proxy\"}) + / count(container_memory_usage_bytes{namespace!=\"istio-system\",container_name=\"istio-proxy\"})", + "format": "time_series", "intervalFactor": 1, "legendFormat": "per istio-proxy", + "refId": "B" }, { "expr": "(sum(container_memory_usage_bytes{pod_name=~\"istio-policy-.*\"}) + / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy + / 1k rps", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": + null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", + "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": + { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, + "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": + { "h": 9, "w": 12, "x": 12, "y": 9 }, "id": 5, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry", + "refId": "A" }, { "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", + reporter=\"source\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": + "istio-ingressgateway", "refId": "C" }, { "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", + reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", + reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", + reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", + reporter=\"destination\"}[1m]))", "format": "time_series", "intervalFactor": 1, + "legendFormat": "istio-proxy", "refId": "D" }, { "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy", + "refId": "E" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Bytes transferred / sec", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 9, "w": 24, "x": 0, "y": 18 }, "id": 8, "legend": { "alignAsTable": false, "avg": + false, "current": false, "max": false, "min": false, "rightSide": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "sum(istio_build) by (component, + tag)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ component + }}: {{ tag }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Istio Components by Version", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "transparent": false, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": + null } }, { "content": "The charts on this dashboard are intended to show Istio + main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k + rps:** shows vCPU utilization by the main Istio components normalized by 1000 + requests/second. When idle or low traffic, this chart will be blank. The curve + for istio-proxy refers to the services sidecars only. \n- **vCPU:** vCPU utilization + by Istio components, not normalized.\n- **Memory:** memory footprint for the components. + Telemetry and policy are normalized by 1k rps, and no data is shown when there + is no traffic. For ingress and istio-proxy, the data is per instance. \n- **Bytes + transferred/ sec:** shows the number of bytes flowing through each Istio component.", + "gridPos": { "h": 4, "w": 24, "x": 0, "y": 18 }, "id": 11, "links": [], "mode": + "markdown", "title": "Istio Performance Dashboard Readme", "type": "text" } ], + "schemaVersion": 16, "style": "dark", "tags": [], "templating": { "list": [] }, + "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": + [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": + [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", + "title": "Istio Performance Dashboard", "version": 4 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-istio-performance-dashboard + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-service-dashboard.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-service-dashboard.yaml new file mode 100644 index 0000000000..d39f3a822a --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-service-dashboard.yaml @@ -0,0 +1,795 @@ +apiVersion: v1 +data: + istio-service-dashboard.json: "{ \"annotations\": { \"list\": [ { \"builtIn\": 1, + \"datasource\": \"-- Grafana --\", \"enable\": true, \"hide\": true, \"iconColor\": + \"rgba(0, 211, 255, 1)\", \"name\": \"Annotations & Alerts\", \"type\": \"dashboard\" + } ] }, \"editable\": false, \"gnetId\": null, \"graphTooltip\": 0, \"iteration\": + 1536442501501, \"links\": [], \"panels\": [ { \"content\": \"
\\nSERVICE: $service\\n
\", \"gridPos\": { \"h\": + 3, \"w\": 24, \"x\": 0, \"y\": 0 }, \"id\": 89, \"links\": [], \"mode\": \"html\", + \"title\": \"\", \"transparent\": true, \"type\": \"text\" }, { \"cacheTimeout\": + null, \"colorBackground\": false, \"colorValue\": false, \"colors\": [ \"rgba(245, + 54, 54, 0.9)\", \"rgba(237, 129, 40, 0.89)\", \"rgba(50, 172, 45, 0.97)\" ], \"datasource\": + \"Prometheus\", \"format\": \"ops\", \"gauge\": { \"maxValue\": 100, \"minValue\": + 0, \"show\": false, \"thresholdLabels\": false, \"thresholdMarkers\": true }, + \"gridPos\": { \"h\": 4, \"w\": 6, \"x\": 0, \"y\": 3 }, \"id\": 12, \"interval\": + null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value + to text\", \"value\": 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": + 100, \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", + \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": + [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": + { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": + \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", \"targets\": [ + { \"expr\": \"round(sum(irate(istio_requests_total{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[5m])), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"A\", + \"step\": 4 } ], \"thresholds\": \"\", \"title\": \"Client Request Volume\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"current\" + }, { \"cacheTimeout\": null, \"colorBackground\": false, \"colorValue\": false, + \"colors\": [ \"rgba(50, 172, 45, 0.97)\", \"rgba(237, 129, 40, 0.89)\", \"rgba(245, + 54, 54, 0.9)\" ], \"datasource\": \"Prometheus\", \"decimals\": null, \"format\": + \"percentunit\", \"gauge\": { \"maxValue\": 100, \"minValue\": 80, \"show\": false, + \"thresholdLabels\": false, \"thresholdMarkers\": false }, \"gridPos\": { \"h\": + 4, \"w\": 6, \"x\": 6, \"y\": 3 }, \"id\": 14, \"interval\": null, \"links\": + [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": + 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, + \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": + \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": + \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": + \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", + \"show\": true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\",destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\"}[5m])) + / sum(irate(istio_requests_total{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[5m]))\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"B\" } ], \"thresholds\": + \"95, 99, 99.5\", \"title\": \"Client Success Rate (non-5xx responses)\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" + }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 4, \"w\": 6, + \"x\": 12, \"y\": 3 }, \"id\": 87, \"legend\": { \"alignAsTable\": false, \"avg\": + false, \"current\": false, \"hideEmpty\": false, \"hideZero\": false, \"max\": + false, \"min\": false, \"rightSide\": true, \"show\": true, \"total\": false, + \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"interval\": \"\", \"intervalFactor\": + 1, \"legendFormat\": \"P50\", \"refId\": \"A\" }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"P90\", \"refId\": \"B\" }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"P99\", \"refId\": \"C\" } ], \"thresholds\": [], \"timeFrom\": + null, \"timeShift\": null, \"title\": \"Client Request Duration\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"cacheTimeout\": null, \"colorBackground\": + false, \"colorValue\": false, \"colors\": [ \"#299c46\", \"rgba(237, 129, 40, + 0.89)\", \"#d44a3a\" ], \"datasource\": \"Prometheus\", \"format\": \"Bps\", \"gauge\": + { \"maxValue\": 100, \"minValue\": 0, \"show\": false, \"thresholdLabels\": false, + \"thresholdMarkers\": true }, \"gridPos\": { \"h\": 4, \"w\": 6, \"x\": 18, \"y\": + 3 }, \"id\": 84, \"interval\": null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": + [ { \"name\": \"value to text\", \"value\": 1 }, { \"name\": \"range to text\", + \"value\": 2 } ], \"maxDataPoints\": 100, \"nullPointMode\": \"connected\", \"nullText\": + null, \"postfix\": \"\", \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": + \"50%\", \"rangeMaps\": [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" + } ], \"sparkline\": { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, + \"lineColor\": \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", + \"targets\": [ { \"expr\": \"sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + destination_service=~\\\"$service\\\"}[1m]))\", \"format\": \"time_series\", \"hide\": + false, \"intervalFactor\": 1, \"legendFormat\": \"\", \"refId\": \"A\" } ], \"thresholds\": + \"\", \"title\": \"TCP Received Bytes\", \"transparent\": false, \"type\": \"singlestat\", + \"valueFontSize\": \"80%\", \"valueMaps\": [ { \"op\": \"=\", \"text\": \"N/A\", + \"value\": \"null\" } ], \"valueName\": \"avg\" }, { \"cacheTimeout\": null, \"colorBackground\": + false, \"colorValue\": false, \"colors\": [ \"rgba(245, 54, 54, 0.9)\", \"rgba(237, + 129, 40, 0.89)\", \"rgba(50, 172, 45, 0.97)\" ], \"datasource\": \"Prometheus\", + \"format\": \"ops\", \"gauge\": { \"maxValue\": 100, \"minValue\": 0, \"show\": + false, \"thresholdLabels\": false, \"thresholdMarkers\": true }, \"gridPos\": + { \"h\": 4, \"w\": 6, \"x\": 0, \"y\": 7 }, \"id\": 97, \"interval\": null, \"links\": + [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": + 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, + \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": + \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": + \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": + \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", + \"show\": true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"round(sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[5m])), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"A\", + \"step\": 4 } ], \"thresholds\": \"\", \"title\": \"Server Request Volume\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"current\" + }, { \"cacheTimeout\": null, \"colorBackground\": false, \"colorValue\": false, + \"colors\": [ \"rgba(50, 172, 45, 0.97)\", \"rgba(237, 129, 40, 0.89)\", \"rgba(245, + 54, 54, 0.9)\" ], \"datasource\": \"Prometheus\", \"decimals\": null, \"format\": + \"percentunit\", \"gauge\": { \"maxValue\": 100, \"minValue\": 80, \"show\": false, + \"thresholdLabels\": false, \"thresholdMarkers\": false }, \"gridPos\": { \"h\": + 4, \"w\": 6, \"x\": 6, \"y\": 7 }, \"id\": 98, \"interval\": null, \"links\": + [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": + 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, + \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": + \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": + \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": + \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", + \"show\": true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\"}[5m])) + / sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[5m]))\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"B\" } ], \"thresholds\": + \"95, 99, 99.5\", \"title\": \"Server Success Rate (non-5xx responses)\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" + }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 4, \"w\": 6, + \"x\": 12, \"y\": 7 }, \"id\": 99, \"legend\": { \"alignAsTable\": false, \"avg\": + false, \"current\": false, \"hideEmpty\": false, \"hideZero\": false, \"max\": + false, \"min\": false, \"rightSide\": true, \"show\": true, \"total\": false, + \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"interval\": \"\", \"intervalFactor\": + 1, \"legendFormat\": \"P50\", \"refId\": \"A\" }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"P90\", \"refId\": \"B\" }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"P99\", \"refId\": \"C\" } ], \"thresholds\": [], \"timeFrom\": + null, \"timeShift\": null, \"title\": \"Server Request Duration\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"cacheTimeout\": null, \"colorBackground\": + false, \"colorValue\": false, \"colors\": [ \"#299c46\", \"rgba(237, 129, 40, + 0.89)\", \"#d44a3a\" ], \"datasource\": \"Prometheus\", \"format\": \"Bps\", \"gauge\": + { \"maxValue\": 100, \"minValue\": 0, \"show\": false, \"thresholdLabels\": false, + \"thresholdMarkers\": true }, \"gridPos\": { \"h\": 4, \"w\": 6, \"x\": 18, \"y\": + 7 }, \"id\": 100, \"interval\": null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": + [ { \"name\": \"value to text\", \"value\": 1 }, { \"name\": \"range to text\", + \"value\": 2 } ], \"maxDataPoints\": 100, \"nullPointMode\": \"connected\", \"nullText\": + null, \"postfix\": \"\", \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": + \"50%\", \"rangeMaps\": [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" + } ], \"sparkline\": { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, + \"lineColor\": \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", + \"targets\": [ { \"expr\": \"sum(irate(istio_tcp_sent_bytes_total{reporter=\\\"source\\\", + destination_service=~\\\"$service\\\"}[1m])) \", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"\", \"refId\": \"A\" + } ], \"thresholds\": \"\", \"title\": \"TCP Sent Bytes\", \"transparent\": false, + \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ { \"op\": + \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" }, { + \"content\": \"
\\nCLIENT + WORKLOADS\\n
\", \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": 0, \"y\": + 11 }, \"id\": 45, \"links\": [], \"mode\": \"html\", \"title\": \"\", \"transparent\": + true, \"type\": \"text\" }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 0, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 14 }, \"id\": 25, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"max\": false, \"min\": false, + \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": + 1, \"links\": [], \"nullPointMode\": \"null as zero\", \"percentage\": false, + \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\",destination_service=~\\\"$service\\\",reporter=\\\"source\\\",source_workload=~\\\"$srcwl\\\",source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace, response_code), 0.001)\", \"format\": + \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }} : {{ response_code }} (\U0001F510mTLS)\", \"refId\": + \"B\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", reporter=\\\"source\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace, + response_code), 0.001)\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace }} : + {{ response_code }}\", \"refId\": \"A\", \"step\": 2 } ], \"thresholds\": [], + \"timeFrom\": null, \"timeShift\": null, \"title\": \"Incoming Requests by Source + And Response Code\", \"tooltip\": { \"shared\": false, \"sort\": 0, \"value_type\": + \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": + \"time\", \"name\": null, \"show\": true, \"values\": [ \"total\" ] }, \"yaxes\": + [ { \"format\": \"ops\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": { \"align\": + false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 14 }, \"id\": 26, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": + false, \"min\": false, \"show\": true, \"total\": false, \"values\": false }, + \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", + \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", + \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": + 2 }, { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace) + / sum(irate(istio_requests_total{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": + [], \"timeFrom\": null, \"timeShift\": null, \"title\": \"Incoming Success Rate + (non-5xx responses) By Source\", \"tooltip\": { \"shared\": true, \"sort\": 0, + \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"percentunit\", \"label\": null, \"logBase\": 1, \"max\": \"1.01\", + \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": { \"align\": + false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"description\": \"\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 0, \"y\": 20 }, \"id\": + 27, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"hideZero\": false, \"max\": false, \"min\": false, \"rightSide\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90 (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95 (\U0001F510mTLS)\", \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99 (\U0001F510mTLS)\", \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50\", \"refId\": \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90\", \"refId\": \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95\", \"refId\": \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99\", \"refId\": \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Incoming Request Duration by Source\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 8, \"y\": 20 }, \"id\": + 28, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P90 (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95 (\U0001F510mTLS)\", \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P99 (\U0001F510mTLS)\", \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50\", \"refId\": \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90\", \"refId\": \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95\", \"refId\": \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99\", \"refId\": \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Incoming Request Size By Source\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": + \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": + false } ], \"yaxis\": { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 16, \"y\": 20 }, \"id\": + 68, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P90 (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95 (\U0001F510mTLS)\", \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P99 (\U0001F510mTLS)\", \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50\", \"refId\": \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90\", \"refId\": \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95\", \"refId\": \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99\", \"refId\": \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Response Size By Source\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 26 }, \"id\": + 80, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace}} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": + 2 }, { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace}}\", + \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Bytes Received from Incoming TCP Connection\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 26 }, \"id\": + 82, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\", + reporter=\\\"source\\\", destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": + \"{{ source_workload }}.{{ source_workload_namespace}} (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\", + reporter=\\\"source\\\", destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": + \"{{ source_workload }}.{{ source_workload_namespace}}\", \"refId\": \"B\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Bytes Sent to Incoming TCP Connection\", \"tooltip\": { \"shared\": true, \"sort\": + 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"Bps\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": true } ], \"yaxis\": { \"align\": false, + \"alignLevel\": null } }, { \"content\": \"
\\nSERVICE + WORKLOADS\\n
\", \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": 0, \"y\": + 32 }, \"id\": 69, \"links\": [], \"mode\": \"html\", \"title\": \"\", \"transparent\": + true, \"type\": \"text\" }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 0, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 35 }, \"id\": 90, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"max\": false, \"min\": false, + \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": + 1, \"links\": [], \"nullPointMode\": \"null as zero\", \"percentage\": false, + \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\",destination_service=~\\\"$service\\\",reporter=\\\"destination\\\",destination_workload=~\\\"$dstwl\\\",destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace, response_code), 0.001)\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace }} : {{ response_code }} (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", reporter=\\\"destination\\\", destination_workload=~\\\"$dstwl\\\", + destination_workload_namespace=~\\\"$dstns\\\"}[5m])) by (destination_workload, + destination_workload_namespace, response_code), 0.001)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace }} : {{ response_code }}\", \"refId\": \"A\", + \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, + \"title\": \"Incoming Requests by Destination And Response Code\", \"tooltip\": + { \"shared\": false, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": + \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, + \"show\": true, \"values\": [ \"total\" ] }, \"yaxes\": [ { \"format\": \"ops\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true + }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + null, \"show\": false } ], \"yaxis\": { \"align\": false, \"alignLevel\": null + } }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, + \"x\": 12, \"y\": 35 }, \"id\": 91, \"legend\": { \"avg\": false, \"current\": + false, \"hideEmpty\": true, \"hideZero\": false, \"max\": false, \"min\": false, + \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": + 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace }} (\U0001F510mTLS)\", \"refId\": \"A\", + \"step\": 2 }, { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace }}\", \"refId\": \"B\", \"step\": 2 } ], + \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": \"Incoming + Success Rate (non-5xx responses) By Source\", \"tooltip\": { \"shared\": true, + \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"percentunit\", \"label\": null, \"logBase\": + 1, \"max\": \"1.01\", \"min\": \"0\", \"show\": true }, { \"format\": \"short\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false + } ], \"yaxis\": { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"description\": \"\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": + 0, \"y\": 41 }, \"id\": 94, \"legend\": { \"alignAsTable\": false, \"avg\": false, + \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": false, + \"min\": false, \"rightSide\": false, \"show\": true, \"total\": false, \"values\": + false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50 (\U0001F510mTLS)\", + \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Incoming Request Duration by Source\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": 1, \"max\": + null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 8, \"y\": 41 }, \"id\": + 95, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50 (\U0001F510mTLS)\", + \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Incoming Request Size By Source\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 16, \"y\": 41 }, \"id\": + 96, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50 (\U0001F510mTLS)\", + \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Response Size By Source\", \"tooltip\": { \"shared\": true, + \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 47 }, \"id\": + 92, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace), 0.001)\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace}} (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace), 0.001)\", \"format\": + \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace}}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": + [], \"timeFrom\": null, \"timeShift\": null, \"title\": \"Bytes Received from + Incoming TCP Connection\", \"tooltip\": { \"shared\": true, \"sort\": 0, \"value_type\": + \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": + \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": [ { \"format\": + \"Bps\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": + true }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": null, + \"min\": null, \"show\": true } ], \"yaxis\": { \"align\": false, \"alignLevel\": + null } }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": + false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": + 12, \"x\": 12, \"y\": 47 }, \"id\": 93, \"legend\": { \"avg\": false, \"current\": + false, \"max\": false, \"min\": false, \"show\": true, \"total\": false, \"values\": + false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\", + reporter=\\\"source\\\", destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", + destination_workload_namespace=~\\\"$dstns\\\"}[1m])) by (destination_workload, + destination_workload_namespace), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_workload }}.{{destination_workload_namespace + }} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\", + reporter=\\\"source\\\", destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", + destination_workload_namespace=~\\\"$dstns\\\"}[1m])) by (destination_workload, + destination_workload_namespace), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_workload }}.{{destination_workload_namespace + }}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Bytes Sent to Incoming TCP Connection\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } } ], \"refresh\": \"10s\", \"schemaVersion\": + 16, \"style\": \"dark\", \"tags\": [], \"templating\": { \"list\": [ { \"allValue\": + null, \"datasource\": \"Prometheus\", \"hide\": 0, \"includeAll\": false, \"label\": + \"Service\", \"multi\": false, \"name\": \"service\", \"options\": [], \"query\": + \"label_values(destination_service)\", \"refresh\": 1, \"regex\": \"\", \"sort\": + 0, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", + \"useTags\": false }, { \"allValue\": null, \"current\": { \"text\": \"All\", + \"value\": \"$__all\" }, \"datasource\": \"Prometheus\", \"hide\": 0, \"includeAll\": + true, \"label\": \"Client Workload Namespace\", \"multi\": true, \"name\": \"srcns\", + \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", + destination_service=\\\"$service\\\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_service=~\\\"$service\\\"}) by (source_workload_namespace))\", \"refresh\": + 1, \"regex\": \"/.*namespace=\\\"([^\\\"]*).*/\", \"sort\": 2, \"tagValuesQuery\": + \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", \"useTags\": false + }, { \"allValue\": null, \"current\": { \"text\": \"All\", \"value\": \"$__all\" + }, \"datasource\": \"Prometheus\", \"hide\": 0, \"includeAll\": true, \"label\": + \"Client Workload\", \"multi\": true, \"name\": \"srcwl\", \"options\": [], \"query\": + \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", destination_service=~\\\"$service\\\", + source_workload_namespace=~\\\"$srcns\\\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_service=~\\\"$service\\\", source_workload_namespace=~\\\"$srcns\\\"}) + by (source_workload))\", \"refresh\": 1, \"regex\": \"/.*workload=\\\"([^\\\"]*).*/\", + \"sort\": 3, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false }, { \"allValue\": null, \"current\": { \"text\": + \"All\", \"value\": \"$__all\" }, \"datasource\": \"Prometheus\", \"hide\": 0, + \"includeAll\": true, \"label\": \"Service Workload Namespace\", \"multi\": true, + \"name\": \"dstns\", \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", + destination_service=\\\"$service\\\"}) by (destination_workload_namespace) or + sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", destination_service=~\\\"$service\\\"}) + by (destination_workload_namespace))\", \"refresh\": 1, \"regex\": \"/.*namespace=\\\"([^\\\"]*).*/\", + \"sort\": 2, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false }, { \"allValue\": null, \"current\": { \"text\": + \"All\", \"value\": \"$__all\" }, \"datasource\": \"Prometheus\", \"hide\": 0, + \"includeAll\": true, \"label\": \"Service Workload\", \"multi\": true, \"name\": + \"dstwl\", \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", + destination_service=~\\\"$service\\\", destination_workload_namespace=~\\\"$dstns\\\"}) + by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_service=~\\\"$service\\\", destination_workload_namespace=~\\\"$dstns\\\"}) + by (destination_workload))\", \"refresh\": 1, \"regex\": \"/.*workload=\\\"([^\\\"]*).*/\", + \"sort\": 3, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false } ] }, \"time\": { \"from\": \"now-5m\", \"to\": + \"now\" }, \"timepicker\": { \"refresh_intervals\": [ \"5s\", \"10s\", \"30s\", + \"1m\", \"5m\", \"15m\", \"30m\", \"1h\", \"2h\", \"1d\" ], \"time_options\": + [ \"5m\", \"15m\", \"1h\", \"6h\", \"12h\", \"24h\", \"2d\", \"7d\", \"30d\" ] + }, \"timezone\": \"\", \"title\": \"Istio Service Dashboard\", \"uid\": \"LJ_uJAvmk\", + \"version\": 1 } " +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-istio-service-dashboard + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-workload-dashboard.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-workload-dashboard.yaml new file mode 100644 index 0000000000..a3022b2cab --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-workload-dashboard.yaml @@ -0,0 +1,744 @@ +apiVersion: v1 +data: + istio-workload-dashboard.json: "{ \"__inputs\": [ { \"name\": \"DS_PROMETHEUS\", + \"label\": \"Prometheus\", \"description\": \"\", \"type\": \"datasource\", \"pluginId\": + \"prometheus\", \"pluginName\": \"Prometheus\" } ], \"__requires\": [ { \"type\": + \"grafana\", \"id\": \"grafana\", \"name\": \"Grafana\", \"version\": \"5.0.4\" + }, { \"type\": \"panel\", \"id\": \"graph\", \"name\": \"Graph\", \"version\": + \"5.0.0\" }, { \"type\": \"datasource\", \"id\": \"prometheus\", \"name\": \"Prometheus\", + \"version\": \"5.0.0\" }, { \"type\": \"panel\", \"id\": \"singlestat\", \"name\": + \"Singlestat\", \"version\": \"5.0.0\" }, { \"type\": \"panel\", \"id\": \"text\", + \"name\": \"Text\", \"version\": \"5.0.0\" } ], \"annotations\": { \"list\": [ + { \"builtIn\": 1, \"datasource\": \"-- Grafana --\", \"enable\": true, \"hide\": + true, \"iconColor\": \"rgba(0, 211, 255, 1)\", \"name\": \"Annotations & Alerts\", + \"type\": \"dashboard\" } ] }, \"editable\": false, \"gnetId\": null, \"graphTooltip\": + 0, \"id\": null, \"iteration\": 1531345461465, \"links\": [], \"panels\": [ { + \"content\": \"
\\nWORKLOAD: + $workload.$namespace\\n
\", \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": + 0, \"y\": 0 }, \"id\": 89, \"links\": [], \"mode\": \"html\", \"title\": \"\", + \"transparent\": true, \"type\": \"text\" }, { \"cacheTimeout\": null, \"colorBackground\": + false, \"colorValue\": false, \"colors\": [ \"rgba(245, 54, 54, 0.9)\", \"rgba(237, + 129, 40, 0.89)\", \"rgba(50, 172, 45, 0.97)\" ], \"datasource\": \"Prometheus\", + \"format\": \"ops\", \"gauge\": { \"maxValue\": 100, \"minValue\": 0, \"show\": + false, \"thresholdLabels\": false, \"thresholdMarkers\": true }, \"gridPos\": + { \"h\": 4, \"w\": 8, \"x\": 0, \"y\": 3 }, \"id\": 12, \"interval\": null, \"links\": + [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": + 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, + \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": + \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": + \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": + \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", + \"show\": true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"round(sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_workload_namespace=~\\\"$namespace\\\",destination_workload=~\\\"$workload\\\"}[5m])), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"A\", + \"step\": 4 } ], \"thresholds\": \"\", \"title\": \"Incoming Request Volume\", + \"transparent\": false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", + \"valueMaps\": [ { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], + \"valueName\": \"current\" }, { \"cacheTimeout\": null, \"colorBackground\": false, + \"colorValue\": false, \"colors\": [ \"rgba(50, 172, 45, 0.97)\", \"rgba(237, + 129, 40, 0.89)\", \"rgba(245, 54, 54, 0.9)\" ], \"datasource\": \"Prometheus\", + \"decimals\": null, \"format\": \"percentunit\", \"gauge\": { \"maxValue\": 100, + \"minValue\": 80, \"show\": false, \"thresholdLabels\": false, \"thresholdMarkers\": + false }, \"gridPos\": { \"h\": 4, \"w\": 8, \"x\": 8, \"y\": 3 }, \"id\": 14, + \"interval\": null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": + \"value to text\", \"value\": 1 }, { \"name\": \"range to text\", \"value\": 2 + } ], \"maxDataPoints\": 100, \"nullPointMode\": \"connected\", \"nullText\": null, + \"postfix\": \"\", \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": + \"50%\", \"rangeMaps\": [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" + } ], \"sparkline\": { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, + \"lineColor\": \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", + \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_workload_namespace=~\\\"$namespace\\\",destination_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\"}[5m])) + / sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_workload_namespace=~\\\"$namespace\\\",destination_workload=~\\\"$workload\\\"}[5m]))\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"B\" } ], \"thresholds\": + \"95, 99, 99.5\", \"title\": \"Incoming Success Rate (non-5xx responses)\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" + }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 4, \"w\": 8, + \"x\": 16, \"y\": 3 }, \"id\": 87, \"legend\": { \"alignAsTable\": false, \"avg\": + false, \"current\": false, \"hideEmpty\": false, \"hideZero\": false, \"max\": + false, \"min\": false, \"rightSide\": true, \"show\": true, \"total\": false, + \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le))\", \"format\": + \"time_series\", \"interval\": \"\", \"intervalFactor\": 1, \"legendFormat\": + \"P50\", \"refId\": \"A\" }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"P90\", + \"refId\": \"B\" }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"P99\", + \"refId\": \"C\" } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, + \"title\": \"Request Duration\", \"tooltip\": { \"shared\": true, \"sort\": 0, + \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"s\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + null, \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"cacheTimeout\": null, + \"colorBackground\": false, \"colorValue\": false, \"colors\": [ \"#299c46\", + \"rgba(237, 129, 40, 0.89)\", \"#d44a3a\" ], \"datasource\": \"Prometheus\", \"format\": + \"Bps\", \"gauge\": { \"maxValue\": 100, \"minValue\": 0, \"show\": false, \"thresholdLabels\": + false, \"thresholdMarkers\": true }, \"gridPos\": { \"h\": 4, \"w\": 12, \"x\": + 0, \"y\": 7 }, \"id\": 84, \"interval\": null, \"links\": [], \"mappingType\": + 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": 1 }, { \"name\": + \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, \"nullPointMode\": + \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": \"50%\", + \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": \"null\", + \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": \"rgba(31, + 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", \"show\": + true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"sum(irate(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\"}[1m])) + + sum(irate(istio_tcp_received_bytes_total{reporter=\\\"destination\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\"}[1m]))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"\", \"refId\": \"A\" + } ], \"thresholds\": \"\", \"title\": \"TCP Server Traffic\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" + }, { \"cacheTimeout\": null, \"colorBackground\": false, \"colorValue\": false, + \"colors\": [ \"#299c46\", \"rgba(237, 129, 40, 0.89)\", \"#d44a3a\" ], \"datasource\": + \"Prometheus\", \"format\": \"Bps\", \"gauge\": { \"maxValue\": 100, \"minValue\": + 0, \"show\": false, \"thresholdLabels\": false, \"thresholdMarkers\": true }, + \"gridPos\": { \"h\": 4, \"w\": 12, \"x\": 12, \"y\": 7 }, \"id\": 85, \"interval\": + null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value + to text\", \"value\": 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": + 100, \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", + \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": + [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": + { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": + \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", \"targets\": [ + { \"expr\": \"sum(irate(istio_tcp_sent_bytes_total{reporter=\\\"source\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\"}[1m]))\", + \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"\", \"refId\": \"A\" } ], \"thresholds\": \"\", \"title\": \"TCP Client Traffic\", + \"transparent\": false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", + \"valueMaps\": [ { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], + \"valueName\": \"avg\" }, { \"content\": \"
\\nINBOUND + WORKLOADS\\n
\", \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": 0, \"y\": + 11 }, \"id\": 45, \"links\": [], \"mode\": \"html\", \"title\": \"\", \"transparent\": + true, \"type\": \"text\" }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 0, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 14 }, \"id\": 25, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"max\": false, \"min\": false, + \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": + 1, \"links\": [], \"nullPointMode\": \"null as zero\", \"percentage\": false, + \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\", + reporter=\\\"destination\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace, response_code), 0.001)\", \"format\": + \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }} : {{ response_code }} (\U0001F510mTLS)\", \"refId\": + \"B\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\", + reporter=\\\"destination\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace, response_code), 0.001)\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + source_workload }}.{{ source_workload_namespace }} : {{ response_code }}\", \"refId\": + \"A\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Incoming Requests by Source And Response Code\", \"tooltip\": + { \"shared\": false, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": + \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, + \"show\": true, \"values\": [ \"total\" ] }, \"yaxes\": [ { \"format\": \"ops\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true + }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + null, \"show\": false } ] }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 14 }, \"id\": 26, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": + false, \"min\": false, \"show\": true, \"total\": false, \"values\": false }, + \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", + \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", + \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace) + / sum(rate(istio_requests_total{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": + 2 }, { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace) + / sum(rate(istio_requests_total{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": + [], \"timeFrom\": null, \"timeShift\": null, \"title\": \"Incoming Success Rate + (non-5xx responses) By Source\", \"tooltip\": { \"shared\": true, \"sort\": 0, + \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"percentunit\", \"label\": null, \"logBase\": 1, \"max\": \"1.01\", + \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": {}, + \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"description\": \"\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": + 0, \"y\": 20 }, \"id\": 27, \"legend\": { \"alignAsTable\": false, \"avg\": false, + \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": false, + \"min\": false, \"rightSide\": false, \"show\": true, \"total\": false, \"values\": + false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P50 (\U0001F510mTLS)\", \"refId\": + \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P90 (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P95 (\U0001F510mTLS)\", \"refId\": + \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P99 (\U0001F510mTLS)\", \"refId\": + \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P50\", \"refId\": \"E\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P90\", \"refId\": \"F\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P95\", \"refId\": \"G\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P99\", \"refId\": \"H\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Incoming Request Duration by Source\", \"tooltip\": { \"shared\": true, \"sort\": + 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"s\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": {}, + \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 8, \"y\": 20 }, \"id\": + 28, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P90 (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95 (\U0001F510mTLS)\", \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P99 (\U0001F510mTLS)\", \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50\", \"refId\": \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90\", \"refId\": \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95\", \"refId\": \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99\", \"refId\": \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Incoming Request Size By Source\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": + \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": + false } ] }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": + false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": + 8, \"x\": 16, \"y\": 20 }, \"id\": 68, \"legend\": { \"alignAsTable\": false, + \"avg\": false, \"current\": false, \"hideEmpty\": true, \"max\": false, \"min\": + false, \"rightSide\": false, \"show\": true, \"total\": false, \"values\": false + }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", + \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", + \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P50 (\U0001F510mTLS)\", \"refId\": + \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P90 (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P95 (\U0001F510mTLS)\", \"refId\": + \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P99 (\U0001F510mTLS)\", \"refId\": + \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P50\", \"refId\": \"E\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P90\", \"refId\": \"F\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P95\", \"refId\": \"G\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P99\", \"refId\": \"H\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Response Size By Source\", \"tooltip\": { \"shared\": true, \"sort\": 0, \"value_type\": + \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": + \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": [ { \"format\": + \"decbytes\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", + \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": + null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": {}, \"bars\": false, + \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": + 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 26 }, \"id\": 80, \"legend\": + { \"avg\": false, \"current\": false, \"max\": false, \"min\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace}} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": + 2 }, { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace}}\", + \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Bytes Received from Incoming TCP Connection\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 26 }, \"id\": + 82, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\", + reporter=\\\"destination\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace}} + (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\", + reporter=\\\"destination\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace}}\", + \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Bytes Sent to Incoming TCP Connection\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": 1, \"max\": + null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ] }, { \"content\": + \"
\\nOUTBOUND SERVICES\\n
\", + \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": 0, \"y\": 32 }, \"id\": 69, \"links\": + [], \"mode\": \"html\", \"title\": \"\", \"transparent\": true, \"type\": \"text\" + }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 0, \"gridPos\": { \"h\": 6, \"w\": 12, + \"x\": 0, \"y\": 35 }, \"id\": 70, \"legend\": { \"avg\": false, \"current\": + false, \"hideEmpty\": true, \"max\": false, \"min\": false, \"show\": true, \"total\": + false, \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], + \"nullPointMode\": \"null as zero\", \"percentage\": false, \"pointradius\": 5, + \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\", + source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\", + reporter=\\\"source\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) by (destination_service, + response_code), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, + \"legendFormat\": \"{{ destination_service }} : {{ response_code }} (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\", + source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\", + reporter=\\\"source\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) by (destination_service, + response_code), 0.001)\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_service }} : {{ response_code }}\", \"refId\": + \"A\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Outgoing Requests by Destination And Response Code\", \"tooltip\": + { \"shared\": false, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": + \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, + \"show\": true, \"values\": [ \"total\" ] }, \"yaxes\": [ { \"format\": \"ops\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true + }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + null, \"show\": false } ] }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 35 }, \"id\": 71, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": + false, \"min\": false, \"show\": true, \"total\": false, \"values\": false }, + \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", + \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", + \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) + by (destination_service) / sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) + by (destination_service)\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_service }} (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) + by (destination_service) / sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) + by (destination_service)\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"{{destination_service }}\", \"refId\": \"B\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Outgoing Success Rate (non-5xx responses) By Destination\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"percentunit\", \"label\": null, \"logBase\": + 1, \"max\": \"1.01\", \"min\": \"0\", \"show\": true }, { \"format\": \"short\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false + } ] }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": + false, \"datasource\": \"Prometheus\", \"description\": \"\", \"fill\": 1, \"gridPos\": + { \"h\": 6, \"w\": 8, \"x\": 0, \"y\": 41 }, \"id\": 72, \"legend\": { \"alignAsTable\": + false, \"avg\": false, \"current\": false, \"hideEmpty\": true, \"hideZero\": + false, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": true, \"total\": + false, \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], + \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": + false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": + false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_service }} P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, + { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Outgoing Request Duration by Destination\", \"tooltip\": { + \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 8, \"y\": 41 }, \"id\": + 73, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_service }} P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, + { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Outgoing Request Size By Destination\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 16, \"y\": 41 }, \"id\": + 74, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_service }} P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, + { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Response Size By Destination\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 47 }, \"id\": + 76, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\", + reporter=\\\"source\\\", source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service), 0.001)\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service + }} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\", + reporter=\\\"source\\\", source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service), 0.001)\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service + }}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Bytes Sent on Outgoing TCP Connection\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 47 }, \"id\": + 78, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_service }} (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_service }}\", \"refId\": \"B\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Bytes Received from Outgoing TCP Connection\", \"tooltip\": { \"shared\": true, + \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": 1, \"max\": + null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ] } ], \"refresh\": + \"10s\", \"schemaVersion\": 16, \"style\": \"dark\", \"tags\": [], \"templating\": + { \"list\": [ { \"allValue\": null, \"current\": {}, \"datasource\": \"Prometheus\", + \"hide\": 0, \"includeAll\": false, \"label\": \"Namespace\", \"multi\": false, + \"name\": \"namespace\", \"options\": [], \"query\": \"query_result(sum(istio_requests_total) + by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))\", + \"refresh\": 1, \"regex\": \"/.*_namespace=\\\"([^\\\"]*).*/\", \"sort\": 0, \"tagValuesQuery\": + \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", \"useTags\": false + }, { \"allValue\": null, \"current\": {}, \"datasource\": \"Prometheus\", \"hide\": + 0, \"includeAll\": false, \"label\": \"Workload\", \"multi\": false, \"name\": + \"workload\", \"options\": [], \"query\": \"query_result((sum(istio_requests_total{destination_workload_namespace=~\\\"$namespace\\\"}) + by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\\\"$namespace\\\"}) + by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\\\"$namespace\\\"}) + by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\\\"$namespace\\\"}) + by (source_workload)))\", \"refresh\": 1, \"regex\": \"/.*workload=\\\"([^\\\"]*).*/\", + \"sort\": 1, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false }, { \"allValue\": null, \"current\": {}, \"datasource\": + \"Prometheus\", \"hide\": 0, \"includeAll\": true, \"label\": \"Inbound Workload + Namespace\", \"multi\": true, \"name\": \"srcns\", \"options\": [], \"query\": + \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", destination_workload=\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}) by (source_workload_namespace) + or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", destination_workload=\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}) by (source_workload_namespace))\", + \"refresh\": 1, \"regex\": \"/.*namespace=\\\"([^\\\"]*).*/\", \"sort\": 2, \"tagValuesQuery\": + \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", \"useTags\": false + }, { \"allValue\": null, \"current\": {}, \"datasource\": \"Prometheus\", \"hide\": + 0, \"includeAll\": true, \"label\": \"Inbound Workload\", \"multi\": true, \"name\": + \"srcwl\", \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", + destination_workload=\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload_namespace=~\\\"$srcns\\\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_workload=\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload_namespace=~\\\"$srcns\\\"}) by (source_workload))\", \"refresh\": + 1, \"regex\": \"/.*workload=\\\"([^\\\"]*).*/\", \"sort\": 3, \"tagValuesQuery\": + \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", \"useTags\": false + }, { \"allValue\": null, \"current\": {}, \"datasource\": \"Prometheus\", \"hide\": + 0, \"includeAll\": true, \"label\": \"Destination Service\", \"multi\": true, + \"name\": \"dstsvc\", \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"source\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\"}) + by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\\\"source\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\"}) + by (destination_service))\", \"refresh\": 1, \"regex\": \"/.*destination_service=\\\"([^\\\"]*).*/\", + \"sort\": 4, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false } ] }, \"time\": { \"from\": \"now-5m\", \"to\": + \"now\" }, \"timepicker\": { \"refresh_intervals\": [ \"5s\", \"10s\", \"30s\", + \"1m\", \"5m\", \"15m\", \"30m\", \"1h\", \"2h\", \"1d\" ], \"time_options\": + [ \"5m\", \"15m\", \"1h\", \"6h\", \"12h\", \"24h\", \"2d\", \"7d\", \"30d\" ] + }, \"timezone\": \"\", \"title\": \"Istio Workload Dashboard\", \"uid\": \"UbsSZTDik\", + \"version\": 1 } " +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-istio-workload-dashboard + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-mixer-dashboard.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-mixer-dashboard.yaml new file mode 100644 index 0000000000..9a7f42a256 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-mixer-dashboard.yaml @@ -0,0 +1,359 @@ +apiVersion: v1 +data: + mixer-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": "Prometheus", + "description": "", "type": "datasource", "pluginId": "prometheus", "pluginName": + "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", "name": + "Grafana", "version": "5.2.3" }, { "type": "panel", "id": "graph", "name": "Graph", + "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": "Prometheus", + "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", "version": + "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana + --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "limit": + 100, "name": "Annotations & Alerts", "showIn": 0, "type": "dashboard" } ] }, "editable": + false, "gnetId": null, "graphTooltip": 1, "id": null, "iteration": 1543881232533, + "links": [], "panels": [ { "content": "

Deployed Versions

", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "height": "40", "id": 62, "links": + [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 5, "w": 24, "x": 0, "y": 3 }, "id": 64, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", "format": + "time_series", "intervalFactor": 1, "legendFormat": "{{ tag }}", "refId": "A" + } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Mixer Versions", + "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": + "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, + "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": + null } }, { "content": "

Resource Usage

", "gridPos": + { "h": 3, "w": 24, "x": 0, "y": 8 }, "height": "40", "id": 29, "links": [], "mode": + "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, + "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 11 }, "id": 5, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "instant": false, "intervalFactor": 2, "legendFormat": + "Virtual Memory ({{ job }})", "refId": "I" }, { "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Resident + Memory ({{ job }})", "refId": "H" }, { "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": + "heap sys ({{ job }})", "refId": "A" }, { "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": + "heap alloc ({{ job }})", "refId": "D" }, { "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Alloc + ({{ job }})", "refId": "F" }, { "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": + "Heap in-use ({{ job }})", "refId": "E" }, { "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Stack + in-use ({{ job }})", "refId": "G" }, { "expr": "sum(label_replace(container_memory_usage_bytes{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", + \"(istio-telemetry|istio-policy)-.*\")) by (service)", "format": "time_series", + "hide": false, "intervalFactor": 2, "legendFormat": "{{ service }} total (k8s)", + "refId": "C" }, { "expr": "sum(label_replace(container_memory_usage_bytes{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", + \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", "format": + "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ service + }} - {{ container_name }} (k8s)", "refId": "B" } ], "thresholds": [], "timeFrom": + null, "timeShift": null, "title": "Memory", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "bytes", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, + { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": 11 }, "id": 6, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", + \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", "format": "time_series", + "hide": false, "intervalFactor": 2, "legendFormat": "{{ service }} total (k8s)", + "refId": "A" }, { "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), + \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", "format": + "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ service + }} - {{ container_name }} (k8s)", "refId": "B" }, { "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) + by (job)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": + "{{ job }} (self-reported)", "refId": "C" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 12, "y": 11 }, "id": 7, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": + "time_series", "hide": true, "instant": false, "interval": "", "intervalFactor": + 2, "legendFormat": "Open FDs ({{ job }})", "refId": "A" }, { "expr": "sum(label_replace(container_fs_usage_bytes{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", + \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", "format": + "time_series", "intervalFactor": 2, "legendFormat": "{{ service }} - {{ container_name + }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeShift": null, + "title": "Disk", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": "", "logBase": + 1, "max": null, "min": null, "show": true }, { "decimals": null, "format": "none", + "label": "", "logBase": 1024, "max": null, "min": null, "show": false } ], "yaxis": + { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, + "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": + { "h": 7, "w": 6, "x": 18, "y": 11 }, "id": 4, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": false, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Number of Goroutines ({{ + job }})", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, + "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "content": "

Mixer Overview

", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 18 }, "height": "40px", "id": 30, "links": + [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 0, "y": 21 }, "id": 9, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", "format": + "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "mixer (Total)", + "refId": "B" }, { "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", + "format": "time_series", "intervalFactor": 2, "legendFormat": "mixer ({{ grpc_server_method + }})", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, + "title": "Incoming Requests", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "ops", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 6, "x": 6, "y": 21 }, "id": 8, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [ { + "alias": "{}", "yaxis": 1 } ], "spaceLength": 10, "stack": false, "steppedLine": + false, "targets": [ { "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) + by (grpc_server_method, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ grpc_server_method }} 0.5", "refId": "B" }, { "expr": "histogram_quantile(0.9, + sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, + le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ grpc_server_method + }} 0.9", "refId": "C" }, { "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) + by (grpc_server_method, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ grpc_server_method }} 0.99", "refId": "D" } ], "thresholds": [], "timeFrom": + null, "timeShift": null, "title": "Response Durations", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "ms", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { + "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": + "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 12, "y": 21 }, "id": + 11, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) + by (grpc_method)", "format": "time_series", "intervalFactor": 2, "legendFormat": + "Mixer {{ grpc_method }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "Server Error Rate (5xx responses)", "tooltip": { + "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 18, "y": + 21 }, "id": 12, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) + by (grpc_method)", "format": "time_series", "intervalFactor": 2, "legendFormat": + "Mixer {{ grpc_method }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "Non-successes (4xxs)", "tooltip": { "shared": true, + "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "content": + "

Adapters and Config

", "gridPos": { "h": 3, "w": 24, + "x": 0, "y": 27 }, "id": 28, "links": [], "mode": "html", "title": "", "transparent": + true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, + "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": + 12, "x": 0, "y": 30 }, "id": 13, "legend": { "avg": false, "current": false, "max": + false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", + "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ adapter }}", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Adapter Dispatch Count", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 12, "x": 12, "y": 30 }, "id": 14, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) + by (adapter, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ adapter }} - p50", "refId": "A" }, { "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) + by (adapter, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ adapter }} - p90 ", "refId": "B" }, { "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) + by (adapter, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ adapter }} - p99", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Adapter Dispatch Duration", "tooltip": { "shared": true, "sort": + 1, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "s", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { + "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 37 }, "id": 60, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by + (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Rules", + "refId": "A" }, { "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) + by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": + "Config Errors", "refId": "B" }, { "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) + by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": + "Match Errors", "refId": "C" }, { "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) + by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": + "Unsatisfied Actions", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Rules", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 6, "y": 37 }, "id": 56, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Instances", "refId": "A" + } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Instances + in Latest Config", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 12, "y": 37 }, "id": 54, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Handlers", "refId": "A" } + ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Handlers in + Latest Config", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 18, "y": 37 }, "id": 58, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", "format": + "time_series", "instant": false, "intervalFactor": 1, "legendFormat": "Attributes", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Attributes in Latest Config", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "content": "

Individual Adapters

", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 44 }, "id": 23, "links": [], "mode": + "html", "title": "", "transparent": true, "type": "text" }, { "collapsed": false, + "gridPos": { "h": 1, "w": 24, "x": 0, "y": 47 }, "id": 46, "panels": [], "repeat": + "adapter", "title": "$adapter Adapter", "type": "row" }, { "aliasColors": {}, + "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 48 }, "id": 17, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=\"$adapter\"}[1m]),\"handler\", + \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", "format": "time_series", + "intervalFactor": 2, "legendFormat": "{{ handler }} (error: {{ error }})", "refId": + "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Dispatch + Count By Handler", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 12, "x": 12, "y": 48 }, "id": 18, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=\"$adapter\"}[1m])) + by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", + "format": "time_series", "intervalFactor": 2, "legendFormat": "p50 - {{ handler_short + }} (error: {{ error }})", "refId": "A" }, { "expr": "label_replace(histogram_quantile(0.9, + sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=\"$adapter\"}[1m])) + by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", + "format": "time_series", "intervalFactor": 2, "legendFormat": "p90 - {{ handler_short + }} (error: {{ error }})", "refId": "D" }, { "expr": "label_replace(histogram_quantile(0.99, + sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=\"$adapter\"}[1m])) + by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", + "format": "time_series", "intervalFactor": 2, "legendFormat": "p99 - {{ handler_short + }} (error: {{ error }})", "refId": "E" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "Dispatch Duration By Handler", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "s", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } } ], "refresh": + "5s", "schemaVersion": 16, "style": "dark", "tags": [], "templating": { "list": + [ { "allValue": null, "current": {}, "datasource": "Prometheus", "hide": 0, "includeAll": + true, "label": "Adapter", "multi": true, "name": "adapter", "options": [], "query": + "label_values(adapter)", "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": + "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false } ] }, "time": + { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", + "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ + "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", + "title": "Istio Mixer Dashboard", "version": 4 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-mixer-dashboard + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-pilot-dashboard.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-pilot-dashboard.yaml new file mode 100644 index 0000000000..32987ba7de --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-pilot-dashboard.yaml @@ -0,0 +1,307 @@ +apiVersion: v1 +data: + pilot-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": "Prometheus", + "description": "", "type": "datasource", "pluginId": "prometheus", "pluginName": + "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", "name": + "Grafana", "version": "5.2.3" }, { "type": "panel", "id": "graph", "name": "Graph", + "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": "Prometheus", + "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", "version": + "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana + --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": + "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, "gnetId": + null, "graphTooltip": 1, "id": null, "links": [], "panels": [ { "content": "

Deployed + Versions

", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "height": + "40", "id": 58, "links": [], "mode": "html", "title": "", "transparent": true, + "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": + false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 5, "w": 24, "x": + 0, "y": 3 }, "id": 56, "legend": { "avg": false, "current": false, "max": false, + "min": false, "show": true, "total": false, "values": false }, "lines": true, + "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": + 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": + 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(istio_build{component=\"pilot\"}) + by (tag)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ tag + }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, + "title": "Pilot Versions", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "content": "

Resource Usage

", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 8 }, "height": "40", "id": 29, "links": + [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 11 }, "id": 5, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "process_virtual_memory_bytes{job=\"pilot\"}", "format": + "time_series", "instant": false, "intervalFactor": 2, "legendFormat": "Virtual + Memory", "refId": "I", "step": 2 }, { "expr": "process_resident_memory_bytes{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Resident Memory", + "refId": "H", "step": 2 }, { "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", + "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap + sys", "refId": "A" }, { "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", + "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap + alloc", "refId": "D" }, { "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Alloc", "refId": "F", "step": + 2 }, { "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", "format": "time_series", + "hide": false, "intervalFactor": 2, "legendFormat": "Heap in-use", "refId": "E", + "step": 2 }, { "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Stack in-use", "refId": "G", + "step": 2 }, { "expr": "sum(container_memory_usage_bytes{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"})", "format": "time_series", "hide": false, "intervalFactor": + 2, "legendFormat": "Total (k8s)", "refId": "C", "step": 2 }, { "expr": "container_memory_usage_bytes{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"}", "format": "time_series", "hide": false, "intervalFactor": + 2, "legendFormat": "{{ container_name }} (k8s)", "refId": "B", "step": 2 } ], + "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Memory", "tooltip": + { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "bytes", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": + 11 }, "id": 6, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(container_cpu_usage_seconds_total{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"}[1m]))", "format": "time_series", "hide": false, + "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": "A", "step": 2 }, + { "expr": "sum(rate(container_cpu_usage_seconds_total{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", "format": "time_series", + "hide": false, "intervalFactor": 2, "legendFormat": "{{ container_name }} (k8s)", + "refId": "B", "step": 2 }, { "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", + "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "pilot + (self-reported)", "refId": "C", "step": 2 } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 12, "y": 11 }, "id": 7, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "process_open_fds{job=\"pilot\"}", "format": "time_series", "hide": true, "instant": + false, "interval": "", "intervalFactor": 2, "legendFormat": "Open FDs (pilot)", + "refId": "A" }, { "expr": "container_fs_usage_bytes{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"}", "format": "time_series", "intervalFactor": 2, + "legendFormat": "{{ container_name }}", "refId": "B", "step": 2 } ], "thresholds": + [], "timeFrom": null, "timeShift": null, "title": "Disk", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "bytes", "label": "", "logBase": 1, "max": null, "min": null, "show": + true }, { "decimals": null, "format": "none", "label": "", "logBase": 1024, "max": + null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 18, "y": + 11 }, "id": 4, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": false, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "go_goroutines{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Number of Goroutines", + "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "content": "

xDS

", "gridPos": + { "h": 3, "w": 24, "x": 0, "y": 18 }, "id": 28, "links": [], "mode": "html", "title": + "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, + "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": + { "h": 6, "w": 8, "x": 0, "y": 21 }, "id": 40, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(irate(envoy_cluster_update_success{cluster_name=\"xds-grpc\"}[1m]))", "format": + "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "XDS GRPC Successes", + "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Updates", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "ops", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "ops", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 8, "y": 21 }, "id": 42, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "round(sum(rate(envoy_cluster_update_attempt{cluster_name=\"xds-grpc\"}[1m])) + - sum(rate(envoy_cluster_update_success{cluster_name=\"xds-grpc\"}[1m])))", "format": + "time_series", "intervalFactor": 2, "legendFormat": "XDS GRPC ", "refId": "A", + "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Failures", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "ops", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 16, "y": 21 }, "id": 41, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Pilot (XDS GRPC)", "refId": + "C", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Active Connections", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 8, "w": 8, "x": 0, "y": 27 }, "id": 45, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "pilot_conflict_inbound_listener{job=\"pilot\"}", "format": "time_series", "intervalFactor": + 1, "legendFormat": "Inbound Listeners", "refId": "B" }, { "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Outbound Listeners + (http over current tcp)", "refId": "A" }, { "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Outbound Listeners + (tcp over current tcp)", "refId": "C" }, { "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Outbound Listeners + (tcp over current http)", "refId": "D" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "Conflicts", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, + { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 8, "y": 27 }, "id": 47, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "pilot_virt_services{job=\"pilot\"}", "format": "time_series", + "intervalFactor": 1, "legendFormat": "Virtual Services", "refId": "A" }, { "expr": + "pilot_services{job=\"pilot\"}", "format": "time_series", "intervalFactor": 1, + "legendFormat": "Services", "refId": "B" }, { "expr": "label_replace(sum(pilot_xds_cds_reject{job=\"pilot\"}) + by (node, err), \"node\", \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", + "hide": true, "intervalFactor": 1, "legendFormat": "Rejected CDS Configs - {{ + node }}: {{ err }}", "refId": "C" }, { "expr": "pilot_xds_eds_reject{job=\"pilot\"}", + "format": "time_series", "hide": true, "intervalFactor": 1, "legendFormat": "Rejected + EDS Configs", "refId": "D" }, { "expr": "pilot_xds{job=\"pilot\"}", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Connected Endpoints", "refId": + "E" }, { "expr": "rate(pilot_xds_write_timeout{job=\"pilot\"}[1m])", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Write Timeouts", "refId": + "F" }, { "expr": "rate(pilot_xds_push_timeout{job=\"pilot\"}[1m])", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Push Timeouts", "refId": + "G" }, { "expr": "rate(pilot_xds_pushes{job=\"pilot\"}[1m])", "format": "time_series", + "intervalFactor": 1, "legendFormat": "Pushes ({{ type }})", "refId": "H" }, { + "expr": "rate(pilot_xds_push_errors{job=\"pilot\"}[1m])", "format": "time_series", + "intervalFactor": 1, "legendFormat": "Push Errors ({{ type }})", "refId": "I" + } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "ADS Monitoring", + "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": + "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, + "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 16, "y": + 27 }, "id": 49, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "label_replace(sum(pilot_xds_cds_reject{job=\"pilot\"}) + by (node, err), \"node\", \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", + "intervalFactor": 1, "legendFormat": "{{ node }} ({{ err }})", "refId": "A" } + ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Rejected CDS + Configs", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, + "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": + true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 8, "x": 0, "y": 35 }, "id": 52, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "label_replace(sum(pilot_xds_eds_reject{job=\"pilot\"}) by (node, err), \"node\", + \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", "intervalFactor": + 1, "legendFormat": "{{ node }} ({{err}})", "refId": "A" } ], "thresholds": [], + "timeFrom": null, "timeShift": null, "title": "Rejected EDS Configs", "tooltip": + { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 8, "x": 8, "y": + 35 }, "id": 54, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "label_replace(sum(pilot_xds_lds_reject{job=\"pilot\"}) + by (node, err), \"node\", \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", + "intervalFactor": 1, "legendFormat": "{{ node }} ({{err}})", "refId": "A" } ], + "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Rejected LDS + Configs", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, + "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": + true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 8, "x": 16, "y": 35 }, "id": 53, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "label_replace(sum(pilot_xds_rds_reject{job=\"pilot\"}) by (node, err), \"node\", + \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", "intervalFactor": + 1, "legendFormat": "{{ node }} ({{err}})", "refId": "A" } ], "thresholds": [], + "timeFrom": null, "timeShift": null, "title": "Rejected RDS Configs", "tooltip": + { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": { "outbound|80||default-http-backend.kube-system.svc.cluster.local": + "rgba(255, 255, 255, 0.97)" }, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 8, "x": 0, "y": + 42 }, "id": 51, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [ { "alias": "outbound|80||default-http-backend.kube-system.svc.cluster.local", + "yaxis": 1 } ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": + [ { "expr": "sum(pilot_xds_eds_instances{job=\"pilot\"}) by (cluster)", "format": + "time_series", "intervalFactor": 1, "legendFormat": "{{ cluster }}", "refId": + "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "EDS + Instances", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } } ], "refresh": "5s", "schemaVersion": 16, "style": + "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-5m", + "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", + "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", + "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "browser", "title": "Istio Pilot + Dashboard", "version": 4 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-pilot-dashboard + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-custom-resources.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-custom-resources.yaml new file mode 100644 index 0000000000..6329dad866 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-custom-resources.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +data: + custom-resources.yaml: |- + apiVersion: authentication.istio.io/v1alpha1 + kind: Policy + metadata: + name: grafana-ports-mtls-disabled + namespace: istio-system + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + spec: + targets: + - name: grafana + ports: + - number: 3000 + run.sh: |- + #!/bin/sh + + set -x + + if [ "$#" -ne "1" ]; then + echo "first argument should be path to custom resource yaml" + exit 1 + fi + + pathToResourceYAML=${1} + + kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" + while true; do + kubectl -n istio-system get deployment istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + break + fi + sleep 1 + done + kubectl -n istio-system rollout status deployment istio-galley + if [ "$?" -ne 0 ]; then + echo "istio-galley deployment rollout status check failed" + exit 1 + fi + echo "istio-galley deployment ready for configuration validation" + fi + sleep 5 + kubectl apply -f ${pathToResourceYAML} +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-custom-resources + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana.yaml new file mode 100644 index 0000000000..251c4e2669 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +data: + dashboardproviders.yaml: | + apiVersion: 1 + providers: + - disableDeletion: false + folder: istio + name: istio + options: + path: /var/lib/grafana/dashboards/istio + orgId: 1 + type: file + datasources.yaml: | + apiVersion: 1 + datasources: + - access: proxy + editable: true + isDefault: true + jsonData: + timeInterval: 5s + name: Prometheus + orgId: 1 + type: prometheus + url: http://prometheus:9090 +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml new file mode 100644 index 0000000000..337758a25f --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml @@ -0,0 +1,58 @@ +apiVersion: v1 +data: + custom-resources.yaml: |- + # Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. + apiVersion: "authentication.istio.io/v1alpha1" + kind: "MeshPolicy" + metadata: + name: "default" + labels: + app: security + chart: security + heritage: Tiller + release: istio + spec: + peers: + - mtls: + mode: PERMISSIVE + run.sh: |- + #!/bin/sh + + set -x + + if [ "$#" -ne "1" ]; then + echo "first argument should be path to custom resource yaml" + exit 1 + fi + + pathToResourceYAML=${1} + + kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" + while true; do + kubectl -n istio-system get deployment istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + break + fi + sleep 1 + done + kubectl -n istio-system rollout status deployment istio-galley + if [ "$?" -ne 0 ]; then + echo "istio-galley deployment rollout status check failed" + exit 1 + fi + echo "istio-galley deployment ready for configuration validation" + fi + sleep 5 + kubectl apply -f ${pathToResourceYAML} +kind: ConfigMap +metadata: + labels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + name: istio-security-custom-resources + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml new file mode 100644 index 0000000000..03832c4720 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml @@ -0,0 +1,102 @@ +apiVersion: v1 +data: + config: "policy: enabled\ntemplate: |-\n rewriteAppHTTPProbe: false\n initContainers:\n + \ [[ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) + \"NONE\" ]]\n - name: istio-init\n image: \"docker.io/istio/proxy_init:1.1.6\"\n + \ args:\n - \"-p\"\n - [[ .MeshConfig.ProxyListenPort ]]\n - \"-u\"\n + \ - 1337\n - \"-m\"\n - [[ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` + .ProxyConfig.InterceptionMode ]]\n - \"-i\"\n - \"[[ annotation .ObjectMeta + `traffic.sidecar.istio.io/includeOutboundIPRanges` \"*\" ]]\"\n - \"-x\"\n + \ - \"[[ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` + \ \"\" ]]\"\n - \"-b\"\n - \"[[ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` + (includeInboundPorts .Spec.Containers) ]]\"\n - \"-d\"\n - \"[[ excludeInboundPort + (annotation .ObjectMeta `status.sidecar.istio.io/port` 15020 ) (annotation .ObjectMeta + `traffic.sidecar.istio.io/excludeInboundPorts` \"\" ) ]]\"\n [[ if (isset + .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -]]\n - + \"-k\"\n - \"[[ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` + ]]\"\n [[ end -]]\n imagePullPolicy: IfNotPresent\n resources:\n requests:\n + \ cpu: 10m\n memory: 10Mi\n limits:\n cpu: 100m\n memory: + 50Mi\n securityContext:\n runAsUser: 0\n runAsNonRoot: false\n capabilities:\n + \ add:\n - NET_ADMIN\n restartPolicy: Always\n [[ end -]]\n containers:\n + \ - name: istio-proxy\n image: [[ annotation .ObjectMeta `sidecar.istio.io/proxyImage` + \ \"docker.io/istio/proxyv2:1.1.6\" ]]\n ports:\n - containerPort: 15090\n + \ protocol: TCP\n name: http-envoy-prom\n args:\n - proxy\n - + sidecar\n - --domain\n - $(POD_NAMESPACE).svc.cluster.local\n - --configPath\n + \ - [[ .ProxyConfig.ConfigPath ]]\n - --binaryPath\n - [[ .ProxyConfig.BinaryPath + ]]\n - --serviceCluster\n [[ if ne \"\" (index .ObjectMeta.Labels \"app\") + -]]\n - [[ index .ObjectMeta.Labels \"app\" ]].$(POD_NAMESPACE)\n [[ else + -]]\n - [[ valueOrDefault .DeploymentMeta.Name \"istio-proxy\" ]].[[ valueOrDefault + .DeploymentMeta.Namespace \"default\" ]]\n [[ end -]]\n - --drainDuration\n + \ - [[ formatDuration .ProxyConfig.DrainDuration ]]\n - --parentShutdownDuration\n + \ - [[ formatDuration .ProxyConfig.ParentShutdownDuration ]]\n - --discoveryAddress\n + \ - [[ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress + ]]\n - --zipkinAddress\n - [[ .ProxyConfig.GetTracing.GetZipkin.GetAddress + ]]\n - --connectTimeout\n - [[ formatDuration .ProxyConfig.ConnectTimeout + ]]\n - --proxyAdminPort\n - [[ .ProxyConfig.ProxyAdminPort ]]\n [[ if + gt .ProxyConfig.Concurrency 0 -]]\n - --concurrency\n - [[ .ProxyConfig.Concurrency + ]]\n [[ end -]]\n - --controlPlaneAuthPolicy\n - [[ annotation .ObjectMeta + `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy + ]]\n [[- if (ne (annotation .ObjectMeta `status.sidecar.istio.io/port` 15020 + ) \"0\") ]]\n - --statusPort\n - [[ annotation .ObjectMeta `status.sidecar.istio.io/port` + \ 15020 ]]\n - --applicationPorts\n - \"[[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` + (applicationPorts .Spec.Containers) ]]\"\n [[- end ]]\n env:\n - name: + POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n + \ - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: + metadata.namespace\n - name: INSTANCE_IP\n valueFrom:\n fieldRef:\n + \ fieldPath: status.podIP\n \n - name: ISTIO_META_POD_NAME\n valueFrom:\n + \ fieldRef:\n fieldPath: metadata.name\n - name: ISTIO_META_CONFIG_NAMESPACE\n + \ valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n + \ - name: ISTIO_META_INTERCEPTION_MODE\n value: [[ or (index .ObjectMeta.Annotations + \"sidecar.istio.io/interceptionMode\") .ProxyConfig.InterceptionMode.String ]]\n + \ [[ if .ObjectMeta.Annotations ]]\n - name: ISTIO_METAJSON_ANNOTATIONS\n + \ value: |\n [[ toJSON .ObjectMeta.Annotations ]]\n [[ end + ]]\n [[ if .ObjectMeta.Labels ]]\n - name: ISTIO_METAJSON_LABELS\n value: + |\n [[ toJSON .ObjectMeta.Labels ]]\n [[ end ]]\n [[- if (isset + .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) ]]\n - name: + ISTIO_BOOTSTRAP_OVERRIDE\n value: \"/etc/istio/custom-bootstrap/custom_bootstrap.json\"\n + \ [[- end ]]\n imagePullPolicy: IfNotPresent\n [[ if (ne (annotation .ObjectMeta + `status.sidecar.istio.io/port` 15020 ) \"0\") ]]\n readinessProbe:\n httpGet:\n + \ path: /healthz/ready\n port: [[ annotation .ObjectMeta `status.sidecar.istio.io/port` + \ 15020 ]]\n initialDelaySeconds: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` + \ 1 ]]\n periodSeconds: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` + \ 2 ]]\n failureThreshold: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` + \ 30 ]]\n [[ end -]]securityContext:\n readOnlyRootFilesystem: true\n + \ [[ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) + \"TPROXY\" -]]\n capabilities:\n add:\n - NET_ADMIN\n runAsGroup: + 1337\n [[ else -]]\n \n runAsUser: 1337\n [[- end ]]\n resources:\n + \ [[ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset + .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -]]\n requests:\n + \ [[ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -]]\n + \ cpu: \"[[ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` ]]\"\n + \ [[ end ]]\n [[ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) + -]]\n memory: \"[[ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` + ]]\"\n [[ end ]]\n [[ else -]]\n limits:\n cpu: 2000m\n + \ memory: 128Mi\n requests:\n cpu: 10m\n memory: 40Mi\n + \ \n [[ end -]]\n volumeMounts:\n [[- if (isset .ObjectMeta.Annotations + `sidecar.istio.io/bootstrapOverride`) ]]\n - mountPath: /etc/istio/custom-bootstrap\n + \ name: custom-bootstrap-volume\n [[- end ]]\n - mountPath: /etc/istio/proxy\n + \ name: istio-envoy\n - mountPath: /etc/certs/\n name: istio-certs\n + \ readOnly: true\n [[- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` + ]]\n [[ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) + ]]\n - name: \"[[ $index ]]\"\n [[ toYaml $value | indent 4 ]]\n [[ + end ]]\n [[- end ]]\n volumes:\n [[- if (isset .ObjectMeta.Annotations + `sidecar.istio.io/bootstrapOverride`) ]]\n - name: custom-bootstrap-volume\n + \ configMap:\n name: [[ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` + `` ]]\n [[- end ]]\n - emptyDir:\n medium: Memory\n name: istio-envoy\n + \ - name: istio-certs\n secret:\n optional: true\n [[ if eq .Spec.ServiceAccountName + \"\" -]]\n secretName: istio.default\n [[ else -]]\n secretName: + [[ printf \"istio.%s\" .Spec.ServiceAccountName ]]\n [[ end -]]\n [[- + if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` ]]\n [[ range + $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) + ]]\n - name: \"[[ $index ]]\"\n [[ toYaml $value | indent 2 ]]\n [[ end + ]]\n [[ end ]]" +kind: ConfigMap +metadata: + labels: + app: istio + chart: istio + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio.yaml new file mode 100644 index 0000000000..be0ffff1af --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_istio.yaml @@ -0,0 +1,77 @@ +apiVersion: v1 +data: + mesh: "# Set the following variable to true to disable policy checks by the Mixer.\n# + Note that metrics will still be reported to the Mixer.\ndisablePolicyChecks: false\n\n# + Set enableTracing to false to disable request tracing.\nenableTracing: true\n\n# + Set accessLogFile to empty string to disable access log.\naccessLogFile: \"/dev/stdout\"\n\n# + If accessLogEncoding is TEXT, value will be used directly as the log format\n# + example: \"[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\\n\"\n# + If AccessLogEncoding is JSON, value will be parsed as map[string]string\n# example: + '{\"start_time\": \"%START_TIME%\", \"req_method\": \"%REQ(:METHOD)%\"}'\n# Leave + empty to use default log format\naccessLogFormat: \"\"\n\n# Set accessLogEncoding + to JSON or TEXT to configure sidecar access log\naccessLogEncoding: 'TEXT'\nmixerCheckServer: + istio-policy.istio-system.svc.cluster.local:9091\nmixerReportServer: istio-telemetry.istio-system.svc.cluster.local:9091\n# + policyCheckFailOpen allows traffic in cases when the mixer policy service cannot + be reached.\n# Default is false which means the traffic is denied when the client + is unable to connect to Mixer.\npolicyCheckFailOpen: false\n# Let Pilot give ingresses + the public IP of the Istio ingressgateway\ningressService: istio-ingressgateway\n\n# + Default connect timeout for dynamic clusters generated by Pilot and returned via + XDS\nconnectTimeout: 10s\n\n# DNS refresh rate for Envoy clusters of type STRICT_DNS\ndnsRefreshRate: + 5s\n\n# Unix Domain Socket through which envoy communicates with NodeAgent SDS + to get\n# key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. + \nsdsUdsPath: \n\n# This flag is used by secret discovery service(SDS). \n# If + set to true(prerequisite: https://kubernetes.io/docs/concepts/storage/volumes/#projected), + Istio will inject volumes mount \n# for k8s service account JWT, so that K8s API + server mounts k8s service account JWT to envoy container, which \n# will be used + to generate key/cert eventually. This isn't supported for non-k8s case.\nenableSdsTokenMount: + false\n\n# This flag is used by secret discovery service(SDS). \n# If set to true, + envoy will fetch normal k8s service account JWT from '/var/run/secrets/kubernetes.io/serviceaccount/token' + \n# (https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod) + \n# and pass to sds server, which will be used to request key/cert eventually. + \n# this flag is ignored if enableSdsTokenMount is set.\n# This isn't supported + for non-k8s case.\nsdsUseK8sSaJwt: false\n\n# The trust domain corresponds to + the trust root of a system.\n# Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain\ntrustDomain: + \n\n# Set the default behavior of the sidecar for handling outbound traffic from + the application:\n# ALLOW_ANY - outbound traffic to unknown destinations will + be allowed, in case there are no\n# services or ServiceEntries for the destination + port\n# REGISTRY_ONLY - restrict outbound traffic to services defined in the service + registry as well\n# as those defined through ServiceEntries \noutboundTrafficPolicy:\n + \ mode: ALLOW_ANY\n\nlocalityLbSetting:\n {}\n \n\n# The namespace to treat + as the administrative root namespace for istio\n# configuration. \nrootNamespace: + istio-system\nconfigSources:\n- address: istio-galley.istio-system.svc:9901\n\ndefaultConfig:\n + \ #\n # TCP connection timeout between Envoy & the application, and between Envoys. + \ Used for static clusters\n # defined in Envoy's configuration file\n connectTimeout: + 10s\n #\n ### ADVANCED SETTINGS #############\n # Where should envoy's configuration + be stored in the istio-proxy container\n configPath: \"/etc/istio/proxy\"\n binaryPath: + \"/usr/local/bin/envoy\"\n # The pseudo service name used for Envoy.\n serviceCluster: + istio-proxy\n # These settings that determine how long an old Envoy\n # process + should be kept alive after an occasional reload.\n drainDuration: 45s\n parentShutdownDuration: + 1m0s\n #\n # The mode used to redirect inbound connections to Envoy. This setting\n + \ # has no effect on outbound traffic: iptables REDIRECT is always used for\n + \ # outbound connections.\n # If \"REDIRECT\", use iptables REDIRECT to NAT and + redirect to Envoy.\n # The \"REDIRECT\" mode loses source addresses during redirection.\n + \ # If \"TPROXY\", use iptables TPROXY to redirect to Envoy.\n # The \"TPROXY\" + mode preserves both the source and destination IP\n # addresses and ports, so + that they can be used for advanced filtering\n # and manipulation.\n # The \"TPROXY\" + mode also configures the sidecar to run with the\n # CAP_NET_ADMIN capability, + which is required to use TPROXY.\n #interceptionMode: REDIRECT\n #\n # Port + where Envoy listens (on local host) for admin commands\n # You can exec into + the istio-proxy container in a pod and\n # curl the admin port (curl http://localhost:15000/) + to obtain\n # diagnostic information from Envoy. See\n # https://lyft.github.io/envoy/docs/operations/admin.html\n + \ # for more details\n proxyAdminPort: 15000\n #\n # Set concurrency to a specific + number to control the number of Proxy worker threads.\n # If set to 0 (default), + then start worker thread for each CPU thread/core.\n concurrency: 2\n #\n tracing:\n + \ zipkin:\n # Address of the Zipkin collector\n address: zipkin.istio-system:9411\n + \ #\n # Mutual TLS authentication between sidecars and istio control plane.\n + \ controlPlaneAuthPolicy: NONE\n #\n # Address where istio Pilot service is + running\n discoveryAddress: istio-pilot.istio-system:15010" + meshNetworks: 'networks: {}' +kind: ConfigMap +metadata: + labels: + app: istio + chart: istio + heritage: Tiller + release: istio + name: istio + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_kiali.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_kiali.yaml new file mode 100644 index 0000000000..ec52e4be53 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_kiali.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + config.yaml: "istio_namespace: istio-system\nserver:\n port: 20001\nexternal_services:\n + \ istio:\n url_service_version: http://istio-pilot:8080/version\n jaeger:\n + \ url: \n grafana:\n url: \n" +kind: ConfigMap +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_prometheus.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_prometheus.yaml new file mode 100644 index 0000000000..1a06e2ff6c --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_configmap_prometheus.yaml @@ -0,0 +1,313 @@ +apiVersion: v1 +data: + prometheus.yml: |- + global: + scrape_interval: 15s + scrape_configs: + + - job_name: 'istio-mesh' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-telemetry;prometheus + + # Scrape config for envoy stats + - job_name: 'envoy-stats' + metrics_path: /stats/prometheus + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:15090 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name + + metric_relabel_configs: + # Exclude some of the envoy metrics that have massive cardinality + # This list may need to be pruned further moving forward, as informed + # by performance and scalability testing. + - source_labels: [ cluster_name ] + regex: '(outbound|inbound|prometheus_stats).*' + action: drop + - source_labels: [ tcp_prefix ] + regex: '(outbound|inbound|prometheus_stats).*' + action: drop + - source_labels: [ listener_address ] + regex: '(.+)' + action: drop + - source_labels: [ http_conn_manager_listener_prefix ] + regex: '(.+)' + action: drop + - source_labels: [ http_conn_manager_prefix ] + regex: '(.+)' + action: drop + - source_labels: [ __name__ ] + regex: 'envoy_tls.*' + action: drop + - source_labels: [ __name__ ] + regex: 'envoy_tcp_downstream.*' + action: drop + - source_labels: [ __name__ ] + regex: 'envoy_http_(stats|admin).*' + action: drop + - source_labels: [ __name__ ] + regex: 'envoy_cluster_(lb|retry|bind|internal|max|original).*' + action: drop + + - job_name: 'istio-policy' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-policy;http-monitoring + + - job_name: 'istio-telemetry' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-telemetry;http-monitoring + + - job_name: 'pilot' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-pilot;http-monitoring + + - job_name: 'galley' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-galley;http-monitoring + + - job_name: 'citadel' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-citadel;http-monitoring + + # scrape config for API servers + - job_name: 'kubernetes-apiservers' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - default + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: kubernetes;https + + # scrape config for nodes (kubelet) + - job_name: 'kubernetes-nodes' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics + + # Scrape config for Kubelet cAdvisor. + # + # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics + # (those whose names begin with 'container_') have been removed from the + # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to + # retrieve those metrics. + # + # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor + # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" + # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with + # the --cadvisor-port=0 Kubelet flag). + # + # This job is not necessary and should be removed in Kubernetes 1.6 and + # earlier versions, or it will cause the metrics to be scraped twice. + - job_name: 'kubernetes-cadvisor' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor + + # scrape config for service endpoints. + - job_name: 'kubernetes-service-endpoints' + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: + - role: pod + relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" + - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: keep + regex: ((;.*)|(.*;http)) + - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] + action: drop + regex: (true) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name + + - job_name: 'kubernetes-pods-istio-secure' + scheme: https + tls_config: + ca_file: /etc/istio-certs/root-cert.pem + cert_file: /etc/istio-certs/cert-chain.pem + key_file: /etc/istio-certs/key.pem + insecure_skip_verify: true # prometheus does not support secure naming. + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + # sidecar status annotation is added by sidecar injector and + # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. + - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] + action: keep + regex: (([^;]+);([^;]*))|(([^;]*);(true)) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: drop + regex: (http) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__] # Only keep address that is host:port + action: keep # otherwise an extra target with ':443' is added for https scheme + regex: ([^:]+):(\d+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name +kind: ConfigMap +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_namespace_istio-system.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_namespace_istio-system.yaml new file mode 100644 index 0000000000..072bd0fd7a --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_namespace_istio-system.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + istio-injection: disabled + name: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_secret_kiali.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_secret_kiali.yaml new file mode 100644 index 0000000000..c96321c013 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_secret_kiali.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + passphrase: YWRtaW4= + username: YWRtaW4= +kind: Secret +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + namespace: istio-system +type: Opaque diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_grafana.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_grafana.yaml new file mode 100644 index 0000000000..ddc7dbff72 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_grafana.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: grafana + namespace: istio-system +spec: + ports: + - name: http + port: 3000 + protocol: TCP + targetPort: 3000 + selector: + app: grafana + type: ClusterIP diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-citadel.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-citadel.yaml new file mode 100644 index 0000000000..4215ecb031 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-citadel.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + name: istio-citadel + namespace: istio-system +spec: + ports: + - name: grpc-citadel + port: 8060 + protocol: TCP + targetPort: 8060 + - name: http-monitoring + port: 15014 + selector: + istio: citadel diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-egressgateway.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-egressgateway.yaml new file mode 100644 index 0000000000..4998a7f877 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-egressgateway.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + name: istio-egressgateway + namespace: istio-system +spec: + ports: + - name: http2 + port: 80 + - name: https + port: 443 + - name: tls + port: 15443 + targetPort: 15443 + selector: + app: istio-egressgateway + istio: egressgateway + release: istio + type: ClusterIP diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-galley.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-galley.yaml new file mode 100644 index 0000000000..e037f828d3 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-galley.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + name: istio-galley + namespace: istio-system +spec: + ports: + - name: https-validation + port: 443 + - name: http-monitoring + port: 15014 + - name: grpc-mcp + port: 9901 + selector: + istio: galley diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml new file mode 100644 index 0000000000..5833ac81fa --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + beta.cloud.google.com/backend-config: '{"ports": {"http2":"iap-backendconfig"}}' + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + ports: + - name: status-port + port: 15020 + targetPort: 15020 + - name: http2 + nodePort: 31380 + port: 80 + targetPort: 80 + - name: https + nodePort: 31390 + port: 443 + - name: tcp + nodePort: 31400 + port: 31400 + - name: https-kiali + port: 15029 + targetPort: 15029 + - name: https-prometheus + port: 15030 + targetPort: 15030 + - name: https-grafana + port: 15031 + targetPort: 15031 + - name: https-tracing + port: 15032 + targetPort: 15032 + - name: tls + port: 15443 + targetPort: 15443 + selector: + app: istio-ingressgateway + istio: ingressgateway + release: istio + type: NodePort diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-pilot.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-pilot.yaml new file mode 100644 index 0000000000..20b0a6b506 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-pilot.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + istio: pilot + release: istio + name: istio-pilot + namespace: istio-system +spec: + ports: + - name: grpc-xds + port: 15010 + - name: https-xds + port: 15011 + - name: http-legacy-discovery + port: 8080 + - name: http-monitoring + port: 15014 + selector: + istio: pilot diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-policy.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-policy.yaml new file mode 100644 index 0000000000..31ff71c40b --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-policy.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + networking.istio.io/exportTo: '*' + labels: + app: mixer + chart: mixer + heritage: Tiller + istio: mixer + release: istio + name: istio-policy + namespace: istio-system +spec: + ports: + - name: grpc-mixer + port: 9091 + - name: grpc-mixer-mtls + port: 15004 + - name: http-monitoring + port: 15014 + selector: + istio: mixer + istio-mixer-type: policy diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml new file mode 100644 index 0000000000..877561ec4a --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector + namespace: istio-system +spec: + ports: + - port: 443 + selector: + istio: sidecar-injector diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml new file mode 100644 index 0000000000..eebbbe6978 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + networking.istio.io/exportTo: '*' + labels: + app: mixer + chart: mixer + heritage: Tiller + istio: mixer + release: istio + name: istio-telemetry + namespace: istio-system +spec: + ports: + - name: grpc-mixer + port: 9091 + - name: grpc-mixer-mtls + port: 15004 + - name: http-monitoring + port: 15014 + - name: prometheus + port: 42422 + selector: + istio: mixer + istio-mixer-type: telemetry diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_jaeger-agent.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_jaeger-agent.yaml new file mode 100644 index 0000000000..1dfd5cd653 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_jaeger-agent.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + jaeger-infra: agent-service + release: istio + name: jaeger-agent + namespace: istio-system +spec: + clusterIP: None + ports: + - name: agent-zipkin-thrift + port: 5775 + protocol: UDP + targetPort: 5775 + - name: agent-compact + port: 6831 + protocol: UDP + targetPort: 6831 + - name: agent-binary + port: 6832 + protocol: UDP + targetPort: 6832 + selector: + app: jaeger diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_jaeger-collector.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_jaeger-collector.yaml new file mode 100644 index 0000000000..5f4aeccfb5 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_jaeger-collector.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + jaeger-infra: collector-service + release: istio + name: jaeger-collector + namespace: istio-system +spec: + ports: + - name: jaeger-collector-tchannel + port: 14267 + protocol: TCP + targetPort: 14267 + - name: jaeger-collector-http + port: 14268 + protocol: TCP + targetPort: 14268 + selector: + app: jaeger + type: ClusterIP diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_jaeger-query.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_jaeger-query.yaml new file mode 100644 index 0000000000..94a9e9d15b --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_jaeger-query.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + jaeger-infra: jaeger-service + release: istio + name: jaeger-query + namespace: istio-system +spec: + ports: + - name: query-http + port: 16686 + protocol: TCP + targetPort: 16686 + selector: + app: jaeger diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_kiali.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_kiali.yaml new file mode 100644 index 0000000000..049f4c74d7 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_kiali.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + namespace: istio-system +spec: + ports: + - name: http-kiali + port: 20001 + protocol: TCP + selector: + app: kiali diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_prometheus.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_prometheus.yaml new file mode 100644 index 0000000000..f0ecb03d63 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_prometheus.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/scrape: "true" + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system +spec: + ports: + - name: http-prometheus + port: 9090 + protocol: TCP + selector: + app: prometheus diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_tracing.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_tracing.yaml new file mode 100644 index 0000000000..973e98032f --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_tracing.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + name: tracing + namespace: istio-system +spec: + ports: + - name: http-query + port: 80 + protocol: TCP + targetPort: 16686 + selector: + app: jaeger diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_zipkin.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_zipkin.yaml new file mode 100644 index 0000000000..43acf02148 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_service_zipkin.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + name: zipkin + namespace: istio-system +spec: + ports: + - name: http + port: 9411 + protocol: TCP + targetPort: 9411 + selector: + app: jaeger + type: ClusterIP diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml new file mode 100644 index 0000000000..8cf250f0d0 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-citadel-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-cleanup-secrets-service-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-cleanup-secrets-service-account.yaml new file mode 100644 index 0000000000..ab525f7ced --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-cleanup-secrets-service-account.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + helm.sh/hook: post-delete + helm.sh/hook-delete-policy: hook-succeeded + helm.sh/hook-weight: "1" + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-egressgateway-service-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-egressgateway-service-account.yaml new file mode 100644 index 0000000000..5581b918c1 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-egressgateway-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-egressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml new file mode 100644 index 0000000000..adb8c1a617 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + release: istio + name: istio-galley-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-grafana-post-install-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-grafana-post-install-account.yaml new file mode 100644 index 0000000000..94a0b1f0ac --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-grafana-post-install-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml new file mode 100644 index 0000000000..ad9a81526f --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-ingressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml new file mode 100644 index 0000000000..c0c452e957 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-mixer-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml new file mode 100644 index 0000000000..2ae58c18b5 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-multi + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml new file mode 100644 index 0000000000..e6b9404cda --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + release: istio + name: istio-pilot-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml new file mode 100644 index 0000000000..c844263f93 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml new file mode 100644 index 0000000000..e40f71183b --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_kiali-service-account.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_kiali-service-account.yaml new file mode 100644 index 0000000000..6a40ec8143 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_kiali-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali-service-account + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml new file mode 100644 index 0000000000..2ad4d98808 --- /dev/null +++ b/tests/stacks/openshift/application/istio-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system diff --git a/tests/stacks/openshift/application/istio/kustomize_test.go b/tests/stacks/openshift/application/istio/kustomize_test.go new file mode 100644 index 0000000000..c1f289e114 --- /dev/null +++ b/tests/stacks/openshift/application/istio/kustomize_test.go @@ -0,0 +1,15 @@ +package istio + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/istio", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml new file mode 100644 index 0000000000..761c72b28c --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml @@ -0,0 +1,15 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: kubeflow-gateway + namespace: kubeflow +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP diff --git a/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml new file mode 100644 index 0000000000..8b72b89b40 --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: google-api-entry + namespace: kubeflow +spec: + hosts: + - www.googleapis.com + location: MESH_EXTERNAL + ports: + - name: https + number: 443 + protocol: HTTPS + resolution: DNS diff --git a/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml new file mode 100644 index 0000000000..25a4323d96 --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: google-storage-api-entry + namespace: kubeflow +spec: + hosts: + - storage.googleapis.com + location: MESH_EXTERNAL + ports: + - name: https + number: 443 + protocol: HTTPS + resolution: DNS diff --git a/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml new file mode 100644 index 0000000000..962ff0ad0f --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: google-api-vs + namespace: kubeflow +spec: + hosts: + - www.googleapis.com + tls: + - match: + - port: 443 + sni_hosts: + - www.googleapis.com + route: + - destination: + host: www.googleapis.com + port: + number: 443 + weight: 100 diff --git a/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml new file mode 100644 index 0000000000..0a36119b53 --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: google-storage-api-vs + namespace: kubeflow +spec: + hosts: + - storage.googleapis.com + tls: + - match: + - port: 443 + sni_hosts: + - storage.googleapis.com + route: + - destination: + host: storage.googleapis.com + port: + number: 443 + weight: 100 diff --git a/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml new file mode 100644 index 0000000000..f3c49cca8e --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml @@ -0,0 +1,23 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: grafana-vs + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - method: + exact: GET + uri: + prefix: /istio/grafana/ + rewrite: + uri: / + route: + - destination: + host: grafana.istio-system.svc.cluster.local + port: + number: 3000 diff --git a/tests/stacks/openshift/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml b/tests/stacks/openshift/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml new file mode 100644 index 0000000000..b9f424a12f --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-istio-admin +rules: [] diff --git a/tests/stacks/openshift/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml b/tests/stacks/openshift/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml new file mode 100644 index 0000000000..fa0a1943e0 --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true" + name: kubeflow-istio-edit +rules: +- apiGroups: + - istio.io + - networking.istio.io + resources: + - '*' + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/openshift/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml b/tests/stacks/openshift/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml new file mode 100644 index 0000000000..daf4419193 --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-istio-view +rules: +- apiGroups: + - istio.io + - networking.istio.io + resources: + - '*' + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml b/tests/stacks/openshift/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml new file mode 100644 index 0000000000..9c7e471ebc --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.istio.io/v1alpha1 +kind: ClusterRbacConfig +metadata: + name: default + namespace: kubeflow +spec: + exclusion: + namespaces: + - istio-system + mode: "OFF" diff --git a/tests/stacks/openshift/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml b/tests/stacks/openshift/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml new file mode 100644 index 0000000000..ccc61b697b --- /dev/null +++ b/tests/stacks/openshift/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + clusterRbacConfig: "OFF" + gatewaySelector: ingressgateway +kind: ConfigMap +metadata: + annotations: {} + labels: {} + name: istio-parameters-t6hhgfg9k2 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/jupyter-web-app/kustomize_test.go b/tests/stacks/openshift/application/jupyter-web-app/kustomize_test.go new file mode 100644 index 0000000000..ff4e584aab --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/kustomize_test.go @@ -0,0 +1,15 @@ +package jupyter_web_app + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/jupyter-web-app", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml new file mode 100644 index 0000000000..be3f76b96d --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml @@ -0,0 +1,55 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a UI which allows the user to create/conect/delete jupyter + notebooks. + keywords: + - jupyterhub + - jupyter ui + - notebooks + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/jupyter-web-app + - description: Docs + url: https://www.kubeflow.org/docs/notebooks + maintainers: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + owners: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + type: jupyter-web-app + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/instance: jupyter-web-app-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: jupyter-web-app + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml new file mode 100644 index 0000000000..35311df62a --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + spec: + containers: + - env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-f5fk62kk74 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-f5fk62kk74 + image: quay.io/kubeflow/jupyter-web-app:v1.0.0 + name: jupyter-web-app + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /etc/config + name: config-volume + serviceAccountName: jupyter-web-app-service-account + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config-c7ckdh44mc + name: config-volume diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml new file mode 100644 index 0000000000..1aaf497f8a --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /jupyter + match: + - uri: + prefix: /jupyter/ + rewrite: + uri: / + route: + - destination: + host: jupyter-web-app-service.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml new file mode 100644 index 0000000000..e15e8b6e22 --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml @@ -0,0 +1,57 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml new file mode 100644 index 0000000000..0ae2ffa5c6 --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: jupyter-web-app-kubeflow-notebook-ui-admin +rules: [] diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml new file mode 100644 index 0000000000..9cff1100a0 --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: jupyter-web-app-kubeflow-notebook-ui-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml new file mode 100644 index 0000000000..265ceff545 --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: jupyter-web-app-kubeflow-notebook-ui-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml new file mode 100644 index 0000000000..925b70ec6f --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jupyter-web-app-cluster-role +subjects: +- kind: ServiceAccount + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml new file mode 100644 index 0000000000..0c57d76f07 --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml new file mode 100644 index 0000000000..e07f869911 --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jupyter-web-app-jupyter-notebook-role +subjects: +- kind: ServiceAccount + name: jupyter-notebook diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-c7ckdh44mc.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-c7ckdh44mc.yaml new file mode 100644 index 0000000000..40dd5cfd38 --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-c7ckdh44mc.yaml @@ -0,0 +1,136 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: | + # Configuration file for the Jupyter UI. + # + # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' + # - The 'value' key contains the default value + # - The 'readOnly' key determines if the option will be available to users + # + # If the 'readOnly' key is present and set to 'true', the respective option + # will be disabled for users and only set by the admin. Also when a + # Notebook is POSTED to the API if a necessary field is not present then + # the value from the config will be used. + # + # If the 'readOnly' key is missing (defaults to 'false'), the respective option + # will be available for users to edit. + # + # Note that some values can be templated. Such values are the names of the + # Volumes as well as their StorageClass + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: quay.io/kubeflow/tf-notebook-image:v0.7.0 + # The list of available standard container Images + options: + - quay.io/kubeflow/tf-notebook-image:v0.7.0 + # By default, custom container Images are allowed + # Uncomment the following line to only enable standard container Images + readOnly: false + cpu: + # CPU for user's Notebook + value: '0.5' + readOnly: false + memory: + # Memory for user's Notebook + value: 1.0Gi + readOnly: false + workspaceVolume: + # Workspace Volume to be attached to user's Notebook + # Each Workspace Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + value: + type: + # The Type of the Workspace Volume + # Supported values: 'New', 'Existing' + value: New + name: + # The Name of the Workspace Volume + # Note that this is a templated value. Special values: + # {notebook-name}: Replaced with the name of the Notebook. The frontend + # will replace this value as the user types the name + value: 'workspace-{notebook-name}' + size: + # The Size of the Workspace Volume (in Gi) + value: '10Gi' + mountPath: + # The Path that the Workspace Volume will be mounted + value: /home/jovyan + accessModes: + # The Access Mode of the Workspace Volume + # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' + value: ReadWriteOnce + class: + # The StrageClass the PVC will use if type is New. Special values are: + # {none}: default StorageClass + # {empty}: empty string "" + value: '{none}' + readOnly: false + dataVolumes: + # List of additional Data Volumes to be attached to the user's Notebook + value: [] + # Each Data Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + # + # For example, a list with 2 Data Volumes: + # value: + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-1' + # size: + # value: '10Gi' + # class: + # value: standard + # mountPath: + # value: /home/jovyan/vol-1 + # accessModes: + # value: ReadWriteOnce + # class: + # value: {none} + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-2' + # size: + # value: '10Gi' + # mountPath: + # value: /home/jovyan/vol-2 + # accessModes: + # value: ReadWriteMany + # class: + # value: {none} + readOnly: false + gpus: + # Number of GPUs to be assigned to the Notebook Container + value: + # values: "none", "1", "2", "4", "8" + num: "none" + # Determines what the UI will show and send to the backend + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + # Values: "" or a `limits-key` from the vendors list + vendor: "" + readOnly: false + shm: + value: true + readOnly: false + configurations: + # List of labels to be selected, these are the labels from PodDefaults + # value: + # - add-gcp-secret + # - default-editor + value: [] + readOnly: false +kind: ConfigMap +metadata: + annotations: {} + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config-c7ckdh44mc + namespace: kubeflow diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml new file mode 100644 index 0000000000..8e699a0a15 --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + clusterdomain: "" + namespace: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-f5fk62kk74 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml new file mode 100644 index 0000000000..cbc5e87e29 --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: webapp_mapping + prefix: /$(prefix)/ + service: jupyter-web-app-service.$(namespace) + add_request_headers: + x-forwarded-prefix: /jupyter + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + run: jupyter-web-app + name: jupyter-web-app-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + app: jupyter-web-app + kustomize.component: jupyter-web-app + type: ClusterIP diff --git a/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml new file mode 100644 index 0000000000..926d7e9b7a --- /dev/null +++ b/tests/stacks/openshift/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/openshift/application/katib/kustomize_test.go b/tests/stacks/openshift/application/katib/kustomize_test.go new file mode 100644 index 0000000000..b1a7aacca4 --- /dev/null +++ b/tests/stacks/openshift/application/katib/kustomize_test.go @@ -0,0 +1,15 @@ +package katib + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/katib", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/katib/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml b/tests/stacks/openshift/application/katib/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml new file mode 100644 index 0000000000..d5c52ecf04 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: experiments.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Experiment + plural: experiments + singular: experiment + scope: Namespaced + subresources: + status: {} + version: v1beta1 diff --git a/tests/stacks/openshift/application/katib/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml b/tests/stacks/openshift/application/katib/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml new file mode 100644 index 0000000000..22efe19141 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: suggestions.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .spec.requests + name: Requested + type: string + - JSONPath: .status.suggestionCount + name: Assigned + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Suggestion + plural: suggestions + singular: suggestion + scope: Namespaced + subresources: + status: {} + version: v1beta1 diff --git a/tests/stacks/openshift/application/katib/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml b/tests/stacks/openshift/application/katib/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml new file mode 100644 index 0000000000..4ab50ef082 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: trials.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Trial + plural: trials + singular: trial + scope: Namespaced + subresources: + status: {} + version: v1beta1 diff --git a/tests/stacks/openshift/application/katib/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml b/tests/stacks/openshift/application/katib/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml new file mode 100644 index 0000000000..173425f3a9 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml @@ -0,0 +1,70 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: Secret + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-controller + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-controller + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/openshift/application/katib/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml b/tests/stacks/openshift/application/katib/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml new file mode 100644 index 0000000000..ff75fa592b --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml @@ -0,0 +1,68 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: katib-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-crds + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-crds + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-controller.yaml new file mode 100644 index 0000000000..8623abd1c1 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + template: + metadata: + annotations: + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + spec: + containers: + - args: + - --webhook-port=8443 + - --trial-resources=Job.v1.batch + - --trial-resources=TFJob.v1.kubeflow.org + - --trial-resources=PyTorchJob.v1.kubeflow.org + - --trial-resources=MPIJob.v1.kubeflow.org + - --trial-resources=PipelineRun.v1beta1.tekton.dev + - --webhook-inject-securitycontext=true + command: + - ./katib-controller + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 + imagePullPolicy: IfNotPresent + name: katib-controller + ports: + - containerPort: 8443 + name: webhook + protocol: TCP + - containerPort: 8080 + name: metrics + protocol: TCP + volumeMounts: + - mountPath: /tmp/cert + name: cert + readOnly: true + serviceAccountName: katib-controller + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: katib-controller diff --git a/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-db-manager.yaml new file mode 100644 index 0000000000..16949634b7 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + spec: + containers: + - command: + - ./katib-db-manager + env: + - name: DB_NAME + value: mysql + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 60 + name: katib-db-manager + ports: + - containerPort: 6789 + name: api + readinessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + initialDelaySeconds: 5 diff --git a/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-mysql.yaml b/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-mysql.yaml new file mode 100644 index 0000000000..b7c2f3fd66 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-mysql.yaml @@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + spec: + containers: + - env: + - name: MYSQL_USER + valueFrom: + secretKeyRef: + key: MYSQL_USER + name: katib-mysql-secrets + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_PASSWORD + name: katib-mysql-secrets + - name: MYSQL_LOWER_CASE_TABLE_NAMES + value: "1" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + - name: MYSQL_DATABASE + value: katib + image: registry.redhat.io/rhscl/mysql-80-rhel7:latest + livenessProbe: + exec: + command: + - /bin/bash + - -c + - mysqladmin ping -uroot + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + name: katib-mysql + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D ${MYSQL_DATABASE} -uroot -e 'SELECT 1' + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql/data + name: katib-mysql + volumes: + - name: katib-mysql + persistentVolumeClaim: + claimName: katib-mysql diff --git a/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-ui.yaml new file mode 100644 index 0000000000..4b9d958995 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + spec: + containers: + - args: + - --port=8080 + command: + - ./katib-ui + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 + imagePullPolicy: IfNotPresent + name: katib-ui + ports: + - containerPort: 8080 + name: ui + serviceAccountName: katib-ui diff --git a/tests/stacks/openshift/application/katib/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml b/tests/stacks/openshift/application/katib/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml new file mode 100644 index 0000000000..6bb614b82b --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /katib/ + rewrite: + uri: /katib/ + route: + - destination: + host: katib-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml new file mode 100644 index 0000000000..0536e926a8 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -0,0 +1,92 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + - secrets + - events + - namespaces + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - pods/log + - pods/status + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - experiments/status + - experiments/finalizers + - trials + - trials/status + - trials/finalizers + - suggestions + - suggestions/status + - suggestions/finalizers + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - pytorchjobs + - mpijobs + verbs: + - '*' +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' diff --git a/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml new file mode 100644 index 0000000000..66faccefb1 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - '*' diff --git a/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml new file mode 100644 index 0000000000..45d4cb1843 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml @@ -0,0 +1,13 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-katib-admin +rules: [] diff --git a/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml new file mode 100644 index 0000000000..11ad89cab6 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" + name: kubeflow-katib-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml new file mode 100644 index 0000000000..95b524a46e --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-katib-view +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml new file mode 100644 index 0000000000..908f9dad49 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-controller +subjects: +- kind: ServiceAccount + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml new file mode 100644 index 0000000000..e9f5ce2506 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-ui +subjects: +- kind: ServiceAccount + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_configmap_katib-config.yaml new file mode 100644 index 0000000000..f5881bfb7c --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -0,0 +1,66 @@ +apiVersion: v1 +data: + early-stopping: |- + { + "medianstop": { + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", + "imagePullPolicy": "Always" + } + } + metrics-collector-sidecar: |- + { + "StdOut": { + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" + }, + "File": { + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" + }, + "TensorFlowEvent": { + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", + "resources": { + "limits": { + "memory": "1Gi" + } + } + } + } + suggestion: |- + { + "random": { + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" + }, + "grid": { + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" + }, + "hyperband": { + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" + }, + "bayesianoptimization": { + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" + }, + "tpe": { + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" + }, + "enas": { + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", + "imagePullPolicy": "Always", + "resources": { + "limits": { + "memory": "200Mi" + } + } + }, + "cmaes": { + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" + }, + "darts": { + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-config + namespace: kubeflow diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml new file mode 100644 index 0000000000..8e699a0a15 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + clusterdomain: "" + namespace: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-f5fk62kk74 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_configmap_trial-template.yaml new file mode 100644 index 0000000000..260ea24d70 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -0,0 +1,77 @@ +apiVersion: v1 +data: + defaultTrialTemplate.yaml: |- + apiVersion: batch/v1 + kind: Job + spec: + template: + spec: + containers: + - name: training-container + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 + command: + - "python3" + - "/opt/mxnet-mnist/mnist.py" + - "--batch-size=64" + - "--lr=${trialParameters.learningRate}" + - "--num-layers=${trialParameters.numberLayers}" + - "--optimizer=${trialParameters.optimizer}" + restartPolicy: Never + enasCPUTemplate: |- + apiVersion: batch/v1 + kind: Job + spec: + template: + spec: + containers: + - name: training-container + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 + command: + - python3 + - -u + - RunTrial.py + - --num_epochs=1 + - "--architecture=\"${trialParameters.neuralNetworkArchitecture}\"" + - "--nn_config=\"${trialParameters.neuralNetworkConfig}\"" + restartPolicy: Never + pytorchJobTemplate: |- + apiVersion: "kubeflow.org/v1" + kind: PyTorchJob + spec: + pytorchReplicaSpecs: + Master: + replicas: 1 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + - "--lr=${trialParameters.learningRate}" + - "--momentum=${trialParameters.momentum}" + Worker: + replicas: 2 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + - "--lr=${trialParameters.learningRate}" + - "--momentum=${trialParameters.momentum}" +kind: ConfigMap +metadata: + labels: + app: katib-trial-templates + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: trial-template + namespace: kubeflow diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml new file mode 100644 index 0000000000..f07c332452 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_secret_katib-controller.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_secret_katib-controller.yaml new file mode 100644 index 0000000000..debbabb435 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_secret_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml new file mode 100644 index 0000000000..ee4d8bfe18 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + MYSQL_PASSWORD: dGVzdC9wYXNzd29yZA== + MYSQL_ROOT_PASSWORD: dGVzdA== + MYSQL_USER: dGVzdA== +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-controller.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-controller.yaml new file mode 100644 index 0000000000..59c34c7868 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-controller.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scheme: http + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8443 + - name: metrics + port: 8080 + targetPort: 8080 + selector: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-db-manager.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-db-manager.yaml new file mode 100644 index 0000000000..ff2e1df9ab --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-db-manager.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + ports: + - name: api + port: 6789 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + type: ClusterIP diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-mysql.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-mysql.yaml new file mode 100644 index 0000000000..5b3c87b53e --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-mysql.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + type: ClusterIP diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-ui.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-ui.yaml new file mode 100644 index 0000000000..399b6e1644 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_service_katib-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + ports: + - name: ui + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + type: ClusterIP diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml new file mode 100644 index 0000000000..bfbc7b770e --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml new file mode 100644 index 0000000000..16c2b45417 --- /dev/null +++ b/tests/stacks/openshift/application/katib/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/openshift/application/metadata/kustomize_test.go b/tests/stacks/openshift/application/metadata/kustomize_test.go new file mode 100644 index 0000000000..047d8fd902 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/kustomize_test.go @@ -0,0 +1,15 @@ +package metadata + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/metadata", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-db.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-db.yaml new file mode 100644 index 0000000000..6c483e3361 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-db.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: db + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: db + kustomize.component: metadata + name: db + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: mysql:8.0.3 + name: db-container + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D $$MYSQL_DATABASE -u$$MYSQL_USER_NAME -p$$MYSQL_ROOT_PASSWORD + -e 'SELECT 1' + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: metadata-mysql + serviceAccountName: metadatadb + volumes: + - name: metadata-mysql + persistentVolumeClaim: + claimName: metadata-mysql diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-deployment.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-deployment.yaml new file mode 100644 index 0000000000..462f937f60 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: server + kustomize.component: metadata + name: metadata-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: server + kustomize.component: metadata + spec: + containers: + - command: + - ./server/server + - --http_port=8080 + - --mysql_service_host=metadata-db + - --mysql_service_port=$(MYSQL_PORT) + - --mysql_service_user=$(MYSQL_USER_NAME) + - --mysql_service_password=$(MYSQL_ROOT_PASSWORD) + - --mlmd_db_name=$(MYSQL_DATABASE) + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: gcr.io/kubeflow-images-public/metadata:v0.1.11 + livenessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: container + ports: + - containerPort: 8080 + name: backendapi + readinessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..66929f9f1d --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: envoy + kustomize.component: metadata + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: envoy + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: envoy + kustomize.component: metadata + spec: + containers: + - image: gcr.io/ml-pipeline/envoy:metadata-grpc + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..5f53346cb8 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: grpc-server + kustomize.component: metadata + name: metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: grpc-server + kustomize.component: metadata + spec: + containers: + - args: + - --grpc_port=$(METADATA_GRPC_SERVICE_PORT) + - --mysql_config_host=metadata-db + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(MYSQL_USER_NAME) + - --mysql_config_password=$(MYSQL_ROOT_PASSWORD) + command: + - /bin/metadata_store_server + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 + name: container + ports: + - containerPort: 8080 + name: grpc-backendapi diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-ui.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-ui.yaml new file mode 100644 index 0000000000..f6f5c19dc9 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/apps_v1_deployment_metadata-ui.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: metadata-ui + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: metadata-ui + kustomize.component: metadata + name: ui + spec: + containers: + - image: gcr.io/kubeflow-images-public/metadata-frontend:v0.1.8 + imagePullPolicy: IfNotPresent + name: metadata-ui + ports: + - containerPort: 3000 + serviceAccountName: metadata-ui diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml new file mode 100644 index 0000000000..cc9741b27e --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-grpc + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /ml_metadata + rewrite: + uri: /ml_metadata + route: + - destination: + host: metadata-envoy-service.kubeflow.svc.cluster.local + port: + number: 9090 + timeout: 300s diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml new file mode 100644 index 0000000000..e888e4eafa --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /metadata + rewrite: + uri: /metadata + route: + - destination: + host: metadata-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml new file mode 100644 index 0000000000..adbb844006 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml new file mode 100644 index 0000000000..1431841c38 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: metadata-ui +subjects: +- kind: ServiceAccount + name: ui + namespace: kubeflow diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml new file mode 100644 index 0000000000..8e699a0a15 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + clusterdomain: "" + namespace: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-f5fk62kk74 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml new file mode 100644 index 0000000000..3aa74d8ac5 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ALLOW_EMPTY_PASSWORD: "true" + MYSQL_DATABASE: metadb + MYSQL_PORT: "3306" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-db-parameters + namespace: kubeflow diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml new file mode 100644 index 0000000000..b8605cd7b7 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-grpc-configmap + namespace: kubeflow diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml new file mode 100644 index 0000000000..d6a0de88e5 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-ui-parameters + namespace: kubeflow diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml new file mode 100644 index 0000000000..d08a7d2475 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + kustomize.component: metadata + name: metadata-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml new file mode 100644 index 0000000000..918b7d1198 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== + MYSQL_USER_NAME: cm9vdA== +kind: Secret +metadata: + labels: + kustomize.component: metadata + name: metadata-db-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-db.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-db.yaml new file mode 100644 index 0000000000..eb77733c55 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-db.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + component: db + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-envoy-service.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-envoy-service.yaml new file mode 100644 index 0000000000..88f6246f90 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-envoy-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + component: envoy + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-grpc-service.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-grpc-service.yaml new file mode 100644 index 0000000000..a7f38d715b --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-grpc-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grpc-metadata + kustomize.component: metadata + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-backendapi + port: 8080 + protocol: TCP + selector: + component: grpc-server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-service.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-service.yaml new file mode 100644 index 0000000000..a16c797088 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-service + namespace: kubeflow +spec: + ports: + - name: backendapi + port: 8080 + protocol: TCP + selector: + component: server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-ui.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-ui.yaml new file mode 100644 index 0000000000..72fa14f488 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_service_metadata-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: metadata-ui + kustomize.component: metadata diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml new file mode 100644 index 0000000000..4b277b0557 --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow diff --git a/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_serviceaccount_metadatadb.yaml b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_serviceaccount_metadatadb.yaml new file mode 100644 index 0000000000..dba08a8f2e --- /dev/null +++ b/tests/stacks/openshift/application/metadata/test_data/expected/~g_v1_serviceaccount_metadatadb.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + component: db + name: metadatadb + namespace: kubeflow diff --git a/tests/stacks/openshift/application/notebook-controller/kustomize_test.go b/tests/stacks/openshift/application/notebook-controller/kustomize_test.go new file mode 100644 index 0000000000..283ebbeceb --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/kustomize_test.go @@ -0,0 +1,15 @@ +package notebook_controller + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/notebook-controller", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml new file mode 100644 index 0000000000..2009ccb90f --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml @@ -0,0 +1,96 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebooks.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Notebook + plural: notebooks + singular: notebook + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + template: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + properties: + spec: + properties: + containers: + items: + properties: + resources: + properties: + limits: + properties: + cpu: + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + type: string + memory: + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + type: string + type: object + requests: + properties: + cpu: + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + type: string + memory: + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + type: string + type: object + type: object + type: object + type: array + type: object + type: object + type: object + status: + properties: + conditions: + description: Conditions is an array of current conditions + items: + properties: + type: + description: Type of the confition/ + type: string + required: + - type + type: object + type: array + required: + - conditions + type: object + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml new file mode 100644 index 0000000000..f462651b3b --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-notebook-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: Notebooks controller allows users to create a custom resource \"Notebook\" + (jupyter notebook). + keywords: + - jupyter + - notebook + - notebook-controller + - jupyterhub + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/notebook-controller + maintainers: + - email: lunkai@google.com + name: Lun-kai Hsu + owners: + - email: lunkai@gogle.com + name: Lun-kai Hsu + type: notebook-controller + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/instance: notebook-controller-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: notebook-controller + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml new file mode 100644 index 0000000000..f556f5a347 --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + spec: + containers: + - command: + - /manager + env: + - name: ADD_FSGROUP + value: "false" + - name: USE_ISTIO + valueFrom: + configMapKeyRef: + key: USE_ISTIO + name: notebook-controller-notebook-controller-config-h4d668t5tb + - name: ISTIO_GATEWAY + valueFrom: + configMapKeyRef: + key: ISTIO_GATEWAY + name: notebook-controller-notebook-controller-config-h4d668t5tb + image: gcr.io/kubeflow-images-public/notebook-controller:vmaster-gf39279c0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + serviceAccountName: notebook-controller-service-account diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml new file mode 100644 index 0000000000..41459ef302 --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: notebook-controller-kubeflow-notebooks-admin +rules: [] diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml new file mode 100644 index 0000000000..3ae0c1cd8e --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" + name: notebook-controller-kubeflow-notebooks-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml new file mode 100644 index 0000000000..9e28e08290 --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: notebook-controller-kubeflow-notebooks-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml new file mode 100644 index 0000000000..02d880f8e2 --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role +rules: +- apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + - notebooks/finalizers + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml new file mode 100644 index 0000000000..30d3f08b7e --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: notebook-controller-role +subjects: +- kind: ServiceAccount + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml new file mode 100644 index 0000000000..8e699a0a15 --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + clusterdomain: "" + namespace: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-f5fk62kk74 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml new file mode 100644 index 0000000000..ca0dc1ba50 --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + ISTIO_GATEWAY: kubeflow/kubeflow-gateway + USE_ISTIO: "true" +kind: ConfigMap +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-notebook-controller-config-h4d668t5tb + namespace: kubeflow diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_service_notebook-controller-service.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_service_notebook-controller-service.yaml new file mode 100644 index 0000000000..a9f1b4b8e0 --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_service_notebook-controller-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service + namespace: kubeflow +spec: + ports: + - port: 443 + selector: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller diff --git a/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml b/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml new file mode 100644 index 0000000000..d34df92177 --- /dev/null +++ b/tests/stacks/openshift/application/notebook-controller/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/openshift/application/openshift/openshift-scc/kustomize_test.go b/tests/stacks/openshift/application/openshift/openshift-scc/kustomize_test.go new file mode 100644 index 0000000000..3eec08908d --- /dev/null +++ b/tests/stacks/openshift/application/openshift/openshift-scc/kustomize_test.go @@ -0,0 +1,15 @@ +package openshift_scc + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../../stacks/openshift/application/openshift/openshift-scc", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/openshift/openshift-scc/test_data/expected/security.openshift.io_v1_securitycontextconstraints_kubeflow-anyuid-istio.yaml b/tests/stacks/openshift/application/openshift/openshift-scc/test_data/expected/security.openshift.io_v1_securitycontextconstraints_kubeflow-anyuid-istio.yaml new file mode 100644 index 0000000000..6df993b65e --- /dev/null +++ b/tests/stacks/openshift/application/openshift/openshift-scc/test_data/expected/security.openshift.io_v1_securitycontextconstraints_kubeflow-anyuid-istio.yaml @@ -0,0 +1,51 @@ +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: true +allowPrivilegedContainer: false +allowedCapabilities: null +apiVersion: security.openshift.io/v1 +defaultAddCapabilities: null +fsGroup: + type: RunAsAny +groups: +- system:cluster-admins +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: kubeflow-anyuid provides all features of the restricted + SCC but allows users to run with any UID and any GID. + name: kubeflow-anyuid-istio + namespace: kubeflow +priority: 10 +readOnlyRootFilesystem: false +requiredDropCapabilities: +- MKNOD +runAsUser: + type: RunAsAny +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +users: +- system:serviceaccount:istio-system:istio-egressgateway-service-account +- system:serviceaccount:istio-system:istio-citadel-service-account +- system:serviceaccount:istio-system:istio-ingressgateway-service-account +- system:serviceaccount:istio-system:istio-cleanup-old-ca-service-account +- system:serviceaccount:istio-system:istio-mixer-post-install-account +- system:serviceaccount:istio-system:istio-mixer-service-account +- system:serviceaccount:istio-system:istio-pilot-service-account +- system:serviceaccount:istio-system:istio-sidecar-injector-service-account +- system:serviceaccount:istio-system:istio-sidecar-injector-service-account +- system:serviceaccount:istio-system:istio-galley-service-account +- system:serviceaccount:istio-system:prometheus +- system:serviceaccount:istio-system:cluster-local-gateway-service-account +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- projected +- secret diff --git a/tests/stacks/openshift/application/openshift/openshift-scc/test_data/expected/security.openshift.io_v1_securitycontextconstraints_kubeflow-anyuid-kubeflow.yaml b/tests/stacks/openshift/application/openshift/openshift-scc/test_data/expected/security.openshift.io_v1_securitycontextconstraints_kubeflow-anyuid-kubeflow.yaml new file mode 100644 index 0000000000..ed6161ad5f --- /dev/null +++ b/tests/stacks/openshift/application/openshift/openshift-scc/test_data/expected/security.openshift.io_v1_securitycontextconstraints_kubeflow-anyuid-kubeflow.yaml @@ -0,0 +1,41 @@ +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: true +allowPrivilegedContainer: false +allowedCapabilities: null +apiVersion: security.openshift.io/v1 +defaultAddCapabilities: null +fsGroup: + type: RunAsAny +groups: +- system:cluster-admins +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: kubeflow-anyuid provides all features of the restricted + SCC but allows users to run with any UID and any GID. + name: kubeflow-anyuid-kubeflow + namespace: kubeflow +priority: 10 +readOnlyRootFilesystem: false +requiredDropCapabilities: +- MKNOD +runAsUser: + type: RunAsAny +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +users: +- system:serviceaccount:kubeflow:metadatadb +- system:serviceaccount:kubeflow:minio +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- projected +- secret diff --git a/tests/stacks/openshift/application/openshift/openshift-scc/test_data/expected/~g_v1_configmap_scc-namespace-check-5b8mdc7488.yaml b/tests/stacks/openshift/application/openshift/openshift-scc/test_data/expected/~g_v1_configmap_scc-namespace-check-5b8mdc7488.yaml new file mode 100644 index 0000000000..e40a0eee48 --- /dev/null +++ b/tests/stacks/openshift/application/openshift/openshift-scc/test_data/expected/~g_v1_configmap_scc-namespace-check-5b8mdc7488.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: scc-namespace-check-5b8mdc7488 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/kustomize_test.go b/tests/stacks/openshift/application/pipeline/kustomize_test.go new file mode 100644 index 0000000000..2f395f6afc --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/kustomize_test.go @@ -0,0 +1,15 @@ +package pipeline + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/pipeline", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml new file mode 100644 index 0000000000..39c462bb2e --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml new file mode 100644 index 0000000000..711e1a0029 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml new file mode 100644 index 0000000000..1528604b3a --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml @@ -0,0 +1,44 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + annotations: + kubernetes-engine.cloud.google.com/icon: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: v1 + kind: ServiceAccount + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + - group: v1 + kind: Service + - group: v1 + kind: PersistentVolumeClaim + - group: v1 + kind: ConfigMap + - group: v1 + kind: Secret + - group: apps/v1 + kind: Deployment + - group: networking.istio.io/v1alpha3 + kind: VirtualService + descriptor: + description: Reusable end-to-end ML workflow + links: + - description: Kubeflow Pipelines Documentation + url: https://www.kubeflow.org/docs/pipelines/ + maintainers: + - name: Kubeflow Pipelines + url: https://github.com/kubeflow/pipelines + type: Kubeflow Pipelines + version: 1.0.4 + selector: + matchLabels: + app.kubernetes.io/application: kubeflow-pipelines diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml new file mode 100644 index 0000000000..e1b386dfb9 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml @@ -0,0 +1,31 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - minio + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: minio + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml new file mode 100644 index 0000000000..d4db458295 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml @@ -0,0 +1,32 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - mysql + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: mysql + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml new file mode 100644 index 0000000000..e8a95f1f1a --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -0,0 +1,36 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-deployer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: cache-deployer-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-deployer:1.0.4 + imagePullPolicy: Always + name: main + restartPolicy: Always + serviceAccountName: kubeflow-pipelines-cache-deployer-sa diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_cache-server.yaml new file mode 100644 index 0000000000..a5373e3d14 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -0,0 +1,79 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-server + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: cache-server + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: cache-server + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - args: + - --db_driver=$(DBCONFIG_DRIVER) + - --db_host=$(DBCONFIG_HOST_NAME) + - --db_port=$(DBCONFIG_PORT) + - --db_name=$(DBCONFIG_DB_NAME) + - --db_user=$(DBCONFIG_USER) + - --db_password=$(DBCONFIG_PASSWORD) + - --namespace_to_watch=$(NAMESPACE_TO_WATCH) + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + key: cacheDb + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-server:1.0.4 + imagePullPolicy: Always + name: server + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-tls-certs + readOnly: true + serviceAccountName: kubeflow-pipelines-cache + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_metadata-writer.yaml new file mode 100644 index 0000000000..77004306de --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-writer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: metadata-writer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: metadata-writer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/metadata-writer:1.0.4 + name: main + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_minio.yaml new file mode 100644 index 0000000000..31a7a91930 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_minio.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..3d8cd5347c --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TTL_SECONDS_AFTER_WORKFLOW_FINISH + value: "86400" + image: gcr.io/ml-pipeline/persistenceagent:1.0.4 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..d395adaed4 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.4 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..1a60f06ce5 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: gcr.io/ml-pipeline/frontend:1.0.4 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-ui + ports: + - containerPort: 3000 + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true + serviceAccountName: ml-pipeline-ui + volumes: + - configMap: + name: ml-pipeline-ui-configmap + name: config-volume diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml new file mode 100644 index 0000000000..c2874009d9 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.4 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..bf0ef4fb76 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:1.0.4 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 + name: http + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline.yaml new file mode 100644 index 0000000000..1fb43d9089 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + key: bucketName + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipelineDb + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-2829cc67f8 + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/api-server:1.0.4 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + name: http + - containerPort: 8887 + name: grpc + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_mysql.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_mysql.yaml new file mode 100644 index 0000000000..b47bdbb60a --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/apps_v1_deployment_mysql.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..f626864576 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: ml-pipeline-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml new file mode 100644 index 0000000000..5ba54f3cda --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml @@ -0,0 +1,37 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch +- apiGroups: + - certificates.k8s.io + resourceNames: + - kubernetes.io/* + resources: + - signers + verbs: + - approve diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml new file mode 100644 index 0000000000..459313eff8 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml new file mode 100644 index 0000000000..59924196e1 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - patch + - list diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml new file mode 100644 index 0000000000..7c2b27e343 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 0000000000..c300b1cda8 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..8d376c6ae5 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..a31ac1ebfd --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..4ff55fe4e7 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml @@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml new file mode 100644 index 0000000000..522897510e --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml new file mode 100644 index 0000000000..5a947370a6 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml new file mode 100644 index 0000000000..fdd503498a --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml @@ -0,0 +1,84 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml new file mode 100644 index 0000000000..e76122f19f --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml new file mode 100644 index 0000000000..7471959ec9 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 0000000000..32755c9be3 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 0000000000..c1033e02db --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 0000000000..c3ed87368c --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..1d78022b2b --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml new file mode 100644 index 0000000000..96503d4ab4 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml new file mode 100644 index 0000000000..ff6a5433d3 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml new file mode 100644 index 0000000000..9e1352d61a --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml new file mode 100644 index 0000000000..8e699a0a15 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + clusterdomain: "" + namespace: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-f5fk62kk74 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml new file mode 100644 index 0000000000..461638d1f8 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "kubeflow-pipelines-viewer" + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui-configmap + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml new file mode 100644 index 0000000000..c2b0b0572c --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + bucketName: mlpipeline + cacheDb: cachedb + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + pipelineDb: mlpipeline +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-install-config-2829cc67f8 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-d7hkh24mdg.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-d7hkh24mdg.yaml new file mode 100644 index 0000000000..3aef75a62e --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-d7hkh24mdg.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +data: + appName: pipeline + appVersion: 1.0.4 + bucketName: mlpipeline + cacheDb: cachedb + containerRuntimeExecutor: docker + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + pipelineDb: mlpipeline +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-upstream-install-config-d7hkh24mdg + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml new file mode 100644 index 0000000000..0dd8344034 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml new file mode 100644 index 0000000000..bf0c560da5 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml new file mode 100644 index 0000000000..2c774e447c --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml new file mode 100644 index 0000000000..3490a9d7f1 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + password: "" + username: cm9vdA== +kind: Secret +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: mysql-secret-fd5gktm75t + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_cache-server.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_cache-server.yaml new file mode 100644 index 0000000000..ab6cf5124e --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_cache-server.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: cache-server + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: webhook-api + selector: + app: cache-server + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_minio-service.yaml new file mode 100644 index 0000000000..c7f0acee21 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_minio-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-service + namespace: kubeflow +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..4b493f3119 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 3000 + selector: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..71a24c4ada --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_ml-pipeline.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_ml-pipeline.yaml new file mode 100644 index 0000000000..4d23b20f01 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_ml-pipeline.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_mysql.yaml new file mode 100644 index 0000000000..da8f8cb93a --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_service_mysql.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + protocol: TCP + targetPort: 3306 + selector: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml new file mode 100644 index 0000000000..a985549ba3 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml new file mode 100644 index 0000000000..f7555f0f35 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml new file mode 100644 index 0000000000..b0bbf5da53 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-container-builder + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml new file mode 100644 index 0000000000..de94276552 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml new file mode 100644 index 0000000000..9521f5b74d --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-viewer + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..5bc5786177 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..4a157173bc --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..9318d09104 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml new file mode 100644 index 0000000000..ff0696597e --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..5c8e34b2a1 --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml new file mode 100644 index 0000000000..b95a37213c --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml new file mode 100644 index 0000000000..13fb2a95dd --- /dev/null +++ b/tests/stacks/openshift/application/pipeline/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/openshift/application/profiles/kustomize_test.go b/tests/stacks/openshift/application/profiles/kustomize_test.go new file mode 100644 index 0000000000..6c0ac2653a --- /dev/null +++ b/tests/stacks/openshift/application/profiles/kustomize_test.go @@ -0,0 +1,15 @@ +package profiles + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/profiles", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/profiles/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml b/tests/stacks/openshift/application/profiles/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml new file mode 100644 index 0000000000..c299e91151 --- /dev/null +++ b/tests/stacks/openshift/application/profiles/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml @@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + kustomize.component: profiles + name: profiles.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: Profile + plural: profiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If the + Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + type: object + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + type: string + description: 'hard is the set of desired hard limits for each named + resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a selector + that contains values, a scope name, and an operator that + relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a set + of values. Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies + to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all objects. + items: + description: A ResourceQuotaScope defines a filter that must match + each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 + served: true + storage: false diff --git a/tests/stacks/openshift/application/profiles/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml b/tests/stacks/openshift/application/profiles/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml new file mode 100644 index 0000000000..fc90772a0b --- /dev/null +++ b/tests/stacks/openshift/application/profiles/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml @@ -0,0 +1,44 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: kubeflow.org + kind: Profile + descriptor: + description: "" + keywords: + - profiles + - kubeflow + links: + - description: profiles + url: https://github.com/kubeflow/kubeflow/tree/master/components/profile-controller + - description: kfam + url: https://github.com/kubeflow/kubeflow/tree/master/components/access-management + maintainers: + - email: kunming@google.com + name: Kunming Qu + owners: + - email: kunming@google.com + name: Kunming Qu + type: profiles + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/instance: profiles-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: profiles + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/openshift/application/profiles/test_data/expected/apps_v1_deployment_profiles-deployment.yaml b/tests/stacks/openshift/application/profiles/test_data/expected/apps_v1_deployment_profiles-deployment.yaml new file mode 100644 index 0000000000..0282d93513 --- /dev/null +++ b/tests/stacks/openshift/application/profiles/test_data/expected/apps_v1_deployment_profiles-deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kustomize.component: profiles + name: profiles-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + kustomize.component: profiles + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + kustomize.component: profiles + spec: + containers: + - args: null + command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-f5fk62kk74 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-f5fk62kk74 + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + key: gcp-sa + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/profile-controller:vmaster-g34aa47c2 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + ports: + - containerPort: 8080 + name: manager-http + protocol: TCP + - args: null + command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + - -userid-header + - $(USERID_HEADER) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-f5fk62kk74 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-f5fk62kk74 + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + key: admin + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/kfam:vmaster-gf3e09203 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + name: kfam + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP + serviceAccountName: profiles-controller-service-account diff --git a/tests/stacks/openshift/application/profiles/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml b/tests/stacks/openshift/application/profiles/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml new file mode 100644 index 0000000000..8d29ff183f --- /dev/null +++ b/tests/stacks/openshift/application/profiles/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /kfam + match: + - uri: + prefix: /kfam/ + rewrite: + uri: /kfam/ + route: + - destination: + host: profiles-kfam.$(namespace).svc.cluster.local + port: + number: 8081 diff --git a/tests/stacks/openshift/application/profiles/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml b/tests/stacks/openshift/application/profiles/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml new file mode 100644 index 0000000000..663e87dbcd --- /dev/null +++ b/tests/stacks/openshift/application/profiles/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + kustomize.component: profiles + name: profiles-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml b/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml new file mode 100644 index 0000000000..8e699a0a15 --- /dev/null +++ b/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + clusterdomain: "" + namespace: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-f5fk62kk74 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml b/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml new file mode 100644 index 0000000000..e77d6f69ed --- /dev/null +++ b/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + admin: "" + gcp-sa: "" +kind: ConfigMap +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles-config-4mgcmtgk6t + namespace: kubeflow diff --git a/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_service_profiles-kfam.yaml b/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_service_profiles-kfam.yaml new file mode 100644 index 0000000000..db1f50bd7d --- /dev/null +++ b/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_service_profiles-kfam.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + ports: + - port: 8081 + selector: + kustomize.component: profiles diff --git a/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml new file mode 100644 index 0000000000..881ccbf1bd --- /dev/null +++ b/tests/stacks/openshift/application/profiles/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: profiles + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pytorch-job/kustomize_test.go b/tests/stacks/openshift/application/pytorch-job/kustomize_test.go new file mode 100644 index 0000000000..8405d65784 --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/kustomize_test.go @@ -0,0 +1,15 @@ +package pytorch_job + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/pytorch-job", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml new file mode 100644 index 0000000000..2dc516cbcc --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml @@ -0,0 +1,45 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorchjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: PyTorchJob + plural: pytorchjobs + singular: pytorchjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + pytorchReplicaSpecs: + properties: + Master: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml new file mode 100644 index 0000000000..56a1457579 --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorch-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-job-crds contains the "PyTorchJob" custom resource definition. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml new file mode 100644 index 0000000000..44ea79a4b8 --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml @@ -0,0 +1,49 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ConfigMap + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-operator allows users to create and manage the "PyTorchJob" + custom resource. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/apps_v1_deployment_pytorch-operator.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/apps_v1_deployment_pytorch-operator.yaml new file mode 100644 index 0000000000..fec6851c6a --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/apps_v1_deployment_pytorch-operator.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + spec: + containers: + - command: + - /pytorch-operator.v1 + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/pytorch-operator:vmaster-g518f9c76 + name: pytorch-operator + serviceAccountName: pytorch-operator diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml new file mode 100644 index 0000000000..161f232e59 --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-pytorchjobs-admin +rules: [] diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml new file mode 100644 index 0000000000..57a5fc7f42 --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" + name: kubeflow-pytorchjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml new file mode 100644 index 0000000000..4f9ef4f8d3 --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-pytorchjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml new file mode 100644 index 0000000000..13352b970d --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml new file mode 100644 index 0000000000..cefdad39ee --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pytorch-operator +subjects: +- kind: ServiceAccount + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/~g_v1_service_pytorch-operator.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/~g_v1_service_pytorch-operator.yaml new file mode 100644 index 0000000000..4114ea5f9f --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/~g_v1_service_pytorch-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + type: ClusterIP diff --git a/tests/stacks/openshift/application/pytorch-job/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml b/tests/stacks/openshift/application/pytorch-job/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml new file mode 100644 index 0000000000..3d3555c2b1 --- /dev/null +++ b/tests/stacks/openshift/application/pytorch-job/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/openshift/application/seldon/kustomize_test.go b/tests/stacks/openshift/application/seldon/kustomize_test.go new file mode 100644 index 0000000000..f4a6536e92 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/kustomize_test.go @@ -0,0 +1,15 @@ +package seldon + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/seldon", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_seldon-mutating-webhook-configuration-kubeflow.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_seldon-mutating-webhook-configuration-kubeflow.yaml new file mode 100644 index 0000000000..5de76d7e98 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_seldon-mutating-webhook-configuration-kubeflow.yaml @@ -0,0 +1,89 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/seldon-serving-cert + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-mutating-webhook-configuration-kubeflow +webhooks: +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lSQVBpR2diQUl5Z3RKRk9NRnhjYXNIb1V3RFFZSktvWklodmNOQVFFTEJRQXcKSERFYU1CZ0dBMVVFQXhNUlkzVnpkRzl0TFcxbGRISnBZM010WTJFd0hoY05NakF4TURNeE1UQTBPVFF4V2hjTgpNakV4TURNeE1UQTBPVFF4V2pBY01Sb3dHQVlEVlFRREV4RmpkWE4wYjIwdGJXVjBjbWxqY3kxallUQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPZ1dnZEN6MVBoekRSYlNOWEsrYkduSUV2aHMKNWdKTzNudkd2K2VBcjladnBOampBTzZZMDdDNmQrcEFUQWlYdVpoMHU2aDVjaERqRmFMUGY2Wi9uWHNXVlNicApaUGFEN01NMU5TbDBiSlF3N3FEQlFaRjBLUmtuRUdmNDFkSkJKbFhYV0JERjZpbGQ1WU5lc1gxdThVQnNDTnZCCjVVUFZaR3dBdDA1SlBNUXNNcVNBR1RKUWdQcW9RbnV6RWN1WGRiZSswdHZ2RXpjUkVTMFJyNlVNWEtubVFVSlgKZFZKNy8yWExjZzhrVzRKOUM5VXczZ1AvME1WTEFCcFpLRGRvVnYwU2VObHFxR1VrZlJpcUk2TzZ6ai85Z282YwpocHJoUjJETm8zb3liUWZ4UDdZT1dBanl1Qm9NRUtqUWNkTzZobFY4UE5HWjQwVngwSmxLaUFIZzRqOENBd0VBCkFhTkNNRUF3RGdZRFZSMFBBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQll4OGtZVnZ0QQoyclJkdFNweENKZi84SWI1Z05NOTJNTm5IcGlqcUtRVHUyRmg3aFVFWVFzM0lLMmxBU2JWQXRrNmpHL2xwd0RCCmxCWlhkK01wM1pUc2xYbXlpVGNjOVVUdXFBWTQrMklZazJKYW1XU2p0MXlJN3RQUnZZaUI2WnFFdU50Y1BvSVEKOEJzK29MZlVUci9SZFIvamJ2ZlMybkwybm00L0t0N2pId2xNVTZua2VkUGJUbnhBMDVXaTVCanB4d2VvQjRWQwpsOGl3MkxUdkppU1UzOTFsaTJNZlNER1ZDcWZnMU54WHZhT1Jkcno5YXhOcDY0TDE0aFFnY3ZheGkxYWRrY0RCCkp0dURvd3Fkd1pXV1orZGw2RTR1aTlKSFZXUmVRWk9DcjdZTUJobzdiRTZESVZxeFR1c0Y3MUczd24vRFNSTGwKeWlrc1M4L1Zrci9XCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /mutate-machinelearning-seldon-io-v1-seldondeployment + port: 8443 + failurePolicy: Fail + name: v1.mseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lSQVBpR2diQUl5Z3RKRk9NRnhjYXNIb1V3RFFZSktvWklodmNOQVFFTEJRQXcKSERFYU1CZ0dBMVVFQXhNUlkzVnpkRzl0TFcxbGRISnBZM010WTJFd0hoY05NakF4TURNeE1UQTBPVFF4V2hjTgpNakV4TURNeE1UQTBPVFF4V2pBY01Sb3dHQVlEVlFRREV4RmpkWE4wYjIwdGJXVjBjbWxqY3kxallUQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPZ1dnZEN6MVBoekRSYlNOWEsrYkduSUV2aHMKNWdKTzNudkd2K2VBcjladnBOampBTzZZMDdDNmQrcEFUQWlYdVpoMHU2aDVjaERqRmFMUGY2Wi9uWHNXVlNicApaUGFEN01NMU5TbDBiSlF3N3FEQlFaRjBLUmtuRUdmNDFkSkJKbFhYV0JERjZpbGQ1WU5lc1gxdThVQnNDTnZCCjVVUFZaR3dBdDA1SlBNUXNNcVNBR1RKUWdQcW9RbnV6RWN1WGRiZSswdHZ2RXpjUkVTMFJyNlVNWEtubVFVSlgKZFZKNy8yWExjZzhrVzRKOUM5VXczZ1AvME1WTEFCcFpLRGRvVnYwU2VObHFxR1VrZlJpcUk2TzZ6ai85Z282YwpocHJoUjJETm8zb3liUWZ4UDdZT1dBanl1Qm9NRUtqUWNkTzZobFY4UE5HWjQwVngwSmxLaUFIZzRqOENBd0VBCkFhTkNNRUF3RGdZRFZSMFBBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQll4OGtZVnZ0QQoyclJkdFNweENKZi84SWI1Z05NOTJNTm5IcGlqcUtRVHUyRmg3aFVFWVFzM0lLMmxBU2JWQXRrNmpHL2xwd0RCCmxCWlhkK01wM1pUc2xYbXlpVGNjOVVUdXFBWTQrMklZazJKYW1XU2p0MXlJN3RQUnZZaUI2WnFFdU50Y1BvSVEKOEJzK29MZlVUci9SZFIvamJ2ZlMybkwybm00L0t0N2pId2xNVTZua2VkUGJUbnhBMDVXaTVCanB4d2VvQjRWQwpsOGl3MkxUdkppU1UzOTFsaTJNZlNER1ZDcWZnMU54WHZhT1Jkcno5YXhOcDY0TDE0aFFnY3ZheGkxYWRrY0RCCkp0dURvd3Fkd1pXV1orZGw2RTR1aTlKSFZXUmVRWk9DcjdZTUJobzdiRTZESVZxeFR1c0Y3MUczd24vRFNSTGwKeWlrc1M4L1Zrci9XCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /mutate-machinelearning-seldon-io-v1alpha2-seldondeployment + port: 8443 + failurePolicy: Fail + name: v1alpha2.mseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lSQVBpR2diQUl5Z3RKRk9NRnhjYXNIb1V3RFFZSktvWklodmNOQVFFTEJRQXcKSERFYU1CZ0dBMVVFQXhNUlkzVnpkRzl0TFcxbGRISnBZM010WTJFd0hoY05NakF4TURNeE1UQTBPVFF4V2hjTgpNakV4TURNeE1UQTBPVFF4V2pBY01Sb3dHQVlEVlFRREV4RmpkWE4wYjIwdGJXVjBjbWxqY3kxallUQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPZ1dnZEN6MVBoekRSYlNOWEsrYkduSUV2aHMKNWdKTzNudkd2K2VBcjladnBOampBTzZZMDdDNmQrcEFUQWlYdVpoMHU2aDVjaERqRmFMUGY2Wi9uWHNXVlNicApaUGFEN01NMU5TbDBiSlF3N3FEQlFaRjBLUmtuRUdmNDFkSkJKbFhYV0JERjZpbGQ1WU5lc1gxdThVQnNDTnZCCjVVUFZaR3dBdDA1SlBNUXNNcVNBR1RKUWdQcW9RbnV6RWN1WGRiZSswdHZ2RXpjUkVTMFJyNlVNWEtubVFVSlgKZFZKNy8yWExjZzhrVzRKOUM5VXczZ1AvME1WTEFCcFpLRGRvVnYwU2VObHFxR1VrZlJpcUk2TzZ6ai85Z282YwpocHJoUjJETm8zb3liUWZ4UDdZT1dBanl1Qm9NRUtqUWNkTzZobFY4UE5HWjQwVngwSmxLaUFIZzRqOENBd0VBCkFhTkNNRUF3RGdZRFZSMFBBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQll4OGtZVnZ0QQoyclJkdFNweENKZi84SWI1Z05NOTJNTm5IcGlqcUtRVHUyRmg3aFVFWVFzM0lLMmxBU2JWQXRrNmpHL2xwd0RCCmxCWlhkK01wM1pUc2xYbXlpVGNjOVVUdXFBWTQrMklZazJKYW1XU2p0MXlJN3RQUnZZaUI2WnFFdU50Y1BvSVEKOEJzK29MZlVUci9SZFIvamJ2ZlMybkwybm00L0t0N2pId2xNVTZua2VkUGJUbnhBMDVXaTVCanB4d2VvQjRWQwpsOGl3MkxUdkppU1UzOTFsaTJNZlNER1ZDcWZnMU54WHZhT1Jkcno5YXhOcDY0TDE0aFFnY3ZheGkxYWRrY0RCCkp0dURvd3Fkd1pXV1orZGw2RTR1aTlKSFZXUmVRWk9DcjdZTUJobzdiRTZESVZxeFR1c0Y3MUczd24vRFNSTGwKeWlrc1M4L1Zrci9XCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /mutate-machinelearning-seldon-io-v1alpha3-seldondeployment + port: 8443 + failurePolicy: Fail + name: v1alpha3.mseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_seldon-validating-webhook-configuration-kubeflow.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_seldon-validating-webhook-configuration-kubeflow.yaml new file mode 100644 index 0000000000..27030094c8 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_seldon-validating-webhook-configuration-kubeflow.yaml @@ -0,0 +1,89 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/seldon-serving-cert + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-validating-webhook-configuration-kubeflow +webhooks: +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lSQVBpR2diQUl5Z3RKRk9NRnhjYXNIb1V3RFFZSktvWklodmNOQVFFTEJRQXcKSERFYU1CZ0dBMVVFQXhNUlkzVnpkRzl0TFcxbGRISnBZM010WTJFd0hoY05NakF4TURNeE1UQTBPVFF4V2hjTgpNakV4TURNeE1UQTBPVFF4V2pBY01Sb3dHQVlEVlFRREV4RmpkWE4wYjIwdGJXVjBjbWxqY3kxallUQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPZ1dnZEN6MVBoekRSYlNOWEsrYkduSUV2aHMKNWdKTzNudkd2K2VBcjladnBOampBTzZZMDdDNmQrcEFUQWlYdVpoMHU2aDVjaERqRmFMUGY2Wi9uWHNXVlNicApaUGFEN01NMU5TbDBiSlF3N3FEQlFaRjBLUmtuRUdmNDFkSkJKbFhYV0JERjZpbGQ1WU5lc1gxdThVQnNDTnZCCjVVUFZaR3dBdDA1SlBNUXNNcVNBR1RKUWdQcW9RbnV6RWN1WGRiZSswdHZ2RXpjUkVTMFJyNlVNWEtubVFVSlgKZFZKNy8yWExjZzhrVzRKOUM5VXczZ1AvME1WTEFCcFpLRGRvVnYwU2VObHFxR1VrZlJpcUk2TzZ6ai85Z282YwpocHJoUjJETm8zb3liUWZ4UDdZT1dBanl1Qm9NRUtqUWNkTzZobFY4UE5HWjQwVngwSmxLaUFIZzRqOENBd0VBCkFhTkNNRUF3RGdZRFZSMFBBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQll4OGtZVnZ0QQoyclJkdFNweENKZi84SWI1Z05NOTJNTm5IcGlqcUtRVHUyRmg3aFVFWVFzM0lLMmxBU2JWQXRrNmpHL2xwd0RCCmxCWlhkK01wM1pUc2xYbXlpVGNjOVVUdXFBWTQrMklZazJKYW1XU2p0MXlJN3RQUnZZaUI2WnFFdU50Y1BvSVEKOEJzK29MZlVUci9SZFIvamJ2ZlMybkwybm00L0t0N2pId2xNVTZua2VkUGJUbnhBMDVXaTVCanB4d2VvQjRWQwpsOGl3MkxUdkppU1UzOTFsaTJNZlNER1ZDcWZnMU54WHZhT1Jkcno5YXhOcDY0TDE0aFFnY3ZheGkxYWRrY0RCCkp0dURvd3Fkd1pXV1orZGw2RTR1aTlKSFZXUmVRWk9DcjdZTUJobzdiRTZESVZxeFR1c0Y3MUczd24vRFNSTGwKeWlrc1M4L1Zrci9XCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /validate-machinelearning-seldon-io-v1-seldondeployment + port: 8443 + failurePolicy: Fail + name: v1.vseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lSQVBpR2diQUl5Z3RKRk9NRnhjYXNIb1V3RFFZSktvWklodmNOQVFFTEJRQXcKSERFYU1CZ0dBMVVFQXhNUlkzVnpkRzl0TFcxbGRISnBZM010WTJFd0hoY05NakF4TURNeE1UQTBPVFF4V2hjTgpNakV4TURNeE1UQTBPVFF4V2pBY01Sb3dHQVlEVlFRREV4RmpkWE4wYjIwdGJXVjBjbWxqY3kxallUQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPZ1dnZEN6MVBoekRSYlNOWEsrYkduSUV2aHMKNWdKTzNudkd2K2VBcjladnBOampBTzZZMDdDNmQrcEFUQWlYdVpoMHU2aDVjaERqRmFMUGY2Wi9uWHNXVlNicApaUGFEN01NMU5TbDBiSlF3N3FEQlFaRjBLUmtuRUdmNDFkSkJKbFhYV0JERjZpbGQ1WU5lc1gxdThVQnNDTnZCCjVVUFZaR3dBdDA1SlBNUXNNcVNBR1RKUWdQcW9RbnV6RWN1WGRiZSswdHZ2RXpjUkVTMFJyNlVNWEtubVFVSlgKZFZKNy8yWExjZzhrVzRKOUM5VXczZ1AvME1WTEFCcFpLRGRvVnYwU2VObHFxR1VrZlJpcUk2TzZ6ai85Z282YwpocHJoUjJETm8zb3liUWZ4UDdZT1dBanl1Qm9NRUtqUWNkTzZobFY4UE5HWjQwVngwSmxLaUFIZzRqOENBd0VBCkFhTkNNRUF3RGdZRFZSMFBBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQll4OGtZVnZ0QQoyclJkdFNweENKZi84SWI1Z05NOTJNTm5IcGlqcUtRVHUyRmg3aFVFWVFzM0lLMmxBU2JWQXRrNmpHL2xwd0RCCmxCWlhkK01wM1pUc2xYbXlpVGNjOVVUdXFBWTQrMklZazJKYW1XU2p0MXlJN3RQUnZZaUI2WnFFdU50Y1BvSVEKOEJzK29MZlVUci9SZFIvamJ2ZlMybkwybm00L0t0N2pId2xNVTZua2VkUGJUbnhBMDVXaTVCanB4d2VvQjRWQwpsOGl3MkxUdkppU1UzOTFsaTJNZlNER1ZDcWZnMU54WHZhT1Jkcno5YXhOcDY0TDE0aFFnY3ZheGkxYWRrY0RCCkp0dURvd3Fkd1pXV1orZGw2RTR1aTlKSFZXUmVRWk9DcjdZTUJobzdiRTZESVZxeFR1c0Y3MUczd24vRFNSTGwKeWlrc1M4L1Zrci9XCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /validate-machinelearning-seldon-io-v1alpha2-seldondeployment + port: 8443 + failurePolicy: Fail + name: v1alpha2.vseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lSQVBpR2diQUl5Z3RKRk9NRnhjYXNIb1V3RFFZSktvWklodmNOQVFFTEJRQXcKSERFYU1CZ0dBMVVFQXhNUlkzVnpkRzl0TFcxbGRISnBZM010WTJFd0hoY05NakF4TURNeE1UQTBPVFF4V2hjTgpNakV4TURNeE1UQTBPVFF4V2pBY01Sb3dHQVlEVlFRREV4RmpkWE4wYjIwdGJXVjBjbWxqY3kxallUQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPZ1dnZEN6MVBoekRSYlNOWEsrYkduSUV2aHMKNWdKTzNudkd2K2VBcjladnBOampBTzZZMDdDNmQrcEFUQWlYdVpoMHU2aDVjaERqRmFMUGY2Wi9uWHNXVlNicApaUGFEN01NMU5TbDBiSlF3N3FEQlFaRjBLUmtuRUdmNDFkSkJKbFhYV0JERjZpbGQ1WU5lc1gxdThVQnNDTnZCCjVVUFZaR3dBdDA1SlBNUXNNcVNBR1RKUWdQcW9RbnV6RWN1WGRiZSswdHZ2RXpjUkVTMFJyNlVNWEtubVFVSlgKZFZKNy8yWExjZzhrVzRKOUM5VXczZ1AvME1WTEFCcFpLRGRvVnYwU2VObHFxR1VrZlJpcUk2TzZ6ai85Z282YwpocHJoUjJETm8zb3liUWZ4UDdZT1dBanl1Qm9NRUtqUWNkTzZobFY4UE5HWjQwVngwSmxLaUFIZzRqOENBd0VBCkFhTkNNRUF3RGdZRFZSMFBBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQll4OGtZVnZ0QQoyclJkdFNweENKZi84SWI1Z05NOTJNTm5IcGlqcUtRVHUyRmg3aFVFWVFzM0lLMmxBU2JWQXRrNmpHL2xwd0RCCmxCWlhkK01wM1pUc2xYbXlpVGNjOVVUdXFBWTQrMklZazJKYW1XU2p0MXlJN3RQUnZZaUI2WnFFdU50Y1BvSVEKOEJzK29MZlVUci9SZFIvamJ2ZlMybkwybm00L0t0N2pId2xNVTZua2VkUGJUbnhBMDVXaTVCanB4d2VvQjRWQwpsOGl3MkxUdkppU1UzOTFsaTJNZlNER1ZDcWZnMU54WHZhT1Jkcno5YXhOcDY0TDE0aFFnY3ZheGkxYWRrY0RCCkp0dURvd3Fkd1pXV1orZGw2RTR1aTlKSFZXUmVRWk9DcjdZTUJobzdiRTZESVZxeFR1c0Y3MUczd24vRFNSTGwKeWlrc1M4L1Zrci9XCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /validate-machinelearning-seldon-io-v1alpha3-seldondeployment + port: 8443 + failurePolicy: Fail + name: v1alpha3.vseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml new file mode 100644 index 0000000000..a797cdd212 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml @@ -0,0 +1,7196 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/seldon-serving-cert + controller-gen.kubebuilder.io/version: v0.2.5 + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldondeployments.machinelearning.seldon.io +spec: + group: machinelearning.seldon.io + names: + kind: SeldonDeployment + listKind: SeldonDeploymentList + plural: seldondeployments + shortNames: + - sdep + singular: seldondeployment + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SeldonDeployment is the Schema for the seldondeployments API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SeldonDeploymentSpec defines the desired state of SeldonDeployment + properties: + annotations: + additionalProperties: + type: string + type: object + name: + description: Name is Deprecated will be removed in future + type: string + oauth_key: + type: string + oauth_secret: + type: string + predictors: + items: + properties: + annotations: + additionalProperties: + type: string + type: object + componentSpecs: + items: + properties: + hpaSpec: + properties: + maxReplicas: + format: int32 + type: integer + metrics: + items: + description: MetricSpec specifies how to scale based + on a single metric (only `type` and one other matching + field should be set at once). + properties: + external: + description: external refers to a global metric + that is not associated with any Kubernetes object. + It allows autoscaling based on information coming + from components running outside of cluster (for + example length of queue in cloud messaging service, + or QPS from loadbalancer running outside of + cluster). + properties: + metricName: + description: metricName is the name of the + metric in question. + type: string + metricSelector: + description: metricSelector is used to identify + a specific time series within a given metric. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + targetAverageValue: + anyOf: + - type: integer + - type: string + description: targetAverageValue is the target + per-pod value of global metric (as a quantity). + Mutually exclusive with TargetValue. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + targetValue: + anyOf: + - type: integer + - type: string + description: targetValue is the target value + of the metric (as a quantity). Mutually + exclusive with TargetAverageValue. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - metricName + type: object + object: + description: object refers to a metric describing + a single kubernetes object (for example, hits-per-second + on an Ingress object). + properties: + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all + relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metricName: + description: metricName is the name of the + metric in question. + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + target: + description: target is the described Kubernetes + object. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: 'Kind of the referent; More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' + type: string + name: + description: 'Name of the referent; More + info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + required: + - kind + - name + type: object + targetValue: + anyOf: + - type: integer + - type: string + description: targetValue is the target value + of the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - metricName + - target + - targetValue + type: object + pods: + description: pods refers to a metric describing + each pod in the current scale target (for example, + transactions-processed-per-second). The values + will be averaged together before being compared + to the target value. + properties: + metricName: + description: metricName is the name of the + metric in question + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + targetAverageValue: + anyOf: + - type: integer + - type: string + description: targetAverageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - metricName + - targetAverageValue + type: object + resource: + description: resource refers to a resource metric + (such as those specified in requests and limits) + known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such + metrics are built in to Kubernetes, and have + special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource + in question. + type: string + targetAverageUtilization: + description: targetAverageUtilization is the + target value of the average of the resource + metric across all relevant pods, represented + as a percentage of the requested value of + the resource for the pods. + format: int32 + type: integer + targetAverageValue: + anyOf: + - type: integer + - type: string + description: targetAverageValue is the target + value of the average of the resource metric + across all relevant pods, as a raw value + (instead of as a percentage of the request), + similar to the "pods" metric source type. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + type: object + type: + description: type is the type of metric source. It + should be one of "Object", "Pods" or "Resource", + each mapping to a matching field in the object. + type: string + required: + - type + type: object + type: array + minReplicas: + format: int32 + type: integer + required: + - maxReplicas + type: object + kedaSpec: + description: SeldonScaledObjectSpec is the spec for a KEDA + ScaledObject resource + properties: + advanced: + description: AdvancedConfig specifies advance scaling + options + properties: + horizontalPodAutoscalerConfig: + description: HorizontalPodAutoscalerConfig specifies + horizontal scale config + properties: + behavior: + description: HorizontalPodAutoscalerBehavior + configures the scaling behavior of the target + in both Up and Down directions (scaleUp and + scaleDown fields respectively). + properties: + scaleDown: + description: scaleDown is scaling policy + for scaling Down. If not set, the default + value is to allow to scale down to minReplicas + pods, with a 300 second stabilization + window (i.e., the highest recommendation + for the last 300sec is used). + properties: + policies: + description: policies is a list of potential + scaling polices which can be used + during scaling. At least one policy + must be specified, otherwise the HPAScalingRules + will be discarded as invalid + items: + description: HPAScalingPolicy is a + single policy which must hold true + for a specified past interval. + properties: + periodSeconds: + description: PeriodSeconds specifies + the window of time for which + the policy should hold true. + PeriodSeconds must be greater + than zero and less than or equal + to 1800 (30 min). + format: int32 + type: integer + type: + description: Type is used to specify + the scaling policy. + type: string + value: + description: Value contains the + amount of change which is permitted + by the policy. It must be greater + than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + selectPolicy: + description: selectPolicy is used to + specify which policy should be used. + If not set, the default value MaxPolicySelect + is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which + past recommendations should be considered + while scaling up or scaling down. + StabilizationWindowSeconds must be + greater than or equal to zero and + less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' + format: int32 + type: integer + type: object + scaleUp: + description: 'scaleUp is scaling policy + for scaling Up. If not set, the default + value is the higher of: * increase no + more than 4 pods per 60 seconds * double + the number of pods per 60 seconds No stabilization + is used.' + properties: + policies: + description: policies is a list of potential + scaling polices which can be used + during scaling. At least one policy + must be specified, otherwise the HPAScalingRules + will be discarded as invalid + items: + description: HPAScalingPolicy is a + single policy which must hold true + for a specified past interval. + properties: + periodSeconds: + description: PeriodSeconds specifies + the window of time for which + the policy should hold true. + PeriodSeconds must be greater + than zero and less than or equal + to 1800 (30 min). + format: int32 + type: integer + type: + description: Type is used to specify + the scaling policy. + type: string + value: + description: Value contains the + amount of change which is permitted + by the policy. It must be greater + than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + selectPolicy: + description: selectPolicy is used to + specify which policy should be used. + If not set, the default value MaxPolicySelect + is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which + past recommendations should be considered + while scaling up or scaling down. + StabilizationWindowSeconds must be + greater than or equal to zero and + less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' + format: int32 + type: integer + type: object + type: object + resourceMetrics: + items: + description: ResourceMetricSource indicates + how to scale on a resource metric known + to Kubernetes, as specified in requests + and limits, describing each pod in the current + scale target (e.g. CPU or memory). The + values will be averaged together before + being compared to the target. Such metrics + are built in to Kubernetes, and have special + scaling options on top of those available + to normal per-pod metrics using the "pods" + source. Only one "target" type should be + set. + properties: + name: + description: name is the name of the resource + in question. + type: string + target: + description: target specifies the target + value for the given metric + properties: + averageUtilization: + description: averageUtilization is + the target value of the average + of the resource metric across all + relevant pods, represented as a + percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric + across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether + the metric type is Utilization, + Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value + of the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: array + type: object + restoreToOriginalReplicaCount: + type: boolean + type: object + cooldownPeriod: + format: int32 + type: integer + maxReplicaCount: + format: int32 + type: integer + minReplicaCount: + format: int32 + type: integer + pollingInterval: + format: int32 + type: integer + triggers: + items: + description: ScaleTriggers reference the scaler that + will be used + properties: + authenticationRef: + description: ScaledObjectAuthRef points to the + TriggerAuthentication object that is used to + authenticate the scaler with the environment + properties: + name: + type: string + required: + - name + type: object + metadata: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - metadata + - type + type: object + type: array + required: + - triggers + type: object + metadata: + type: object + pdbSpec: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at most "maxUnavailable" + pods in the deployment corresponding to a componentSpec + are unavailable after the eviction, i.e. even in absence + of the evicted pod. For example, one can prevent all + voluntary evictions by specifying 0. MaxUnavailable + and MinAvailable are mutually exclusive. + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at least "minAvailable" + pods in the deployment corresponding to a componentSpec + will still be available after the eviction, i.e. even + in the absence of the evicted pod. So for example + you can prevent all voluntary evictions by specifying + "100%". + x-kubernetes-int-or-string: true + type: object + replicas: + format: int32 + type: integer + spec: + description: PodSpec is a description of a pod. + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may + be active on the node relative to StartTime before + the system will actively try to mark it failed and + kill associated containers. Value must be a positive + integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to an update), the + system may or may not try to eventually evict + the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which + namespaces the labelSelector applies + to (matches against); null or empty + list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which + namespaces the labelSelector applies + to (matches against); null or empty + list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: List of containers belonging to the pod. + Containers cannot currently be added or removed. There + must be at least one container in a Pod. Cannot be + updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. The $(VAR_NAME) syntax can + be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when + the container is starting. When a key exists + in multiple sources, the value associated with + the last source will take precedence. Values + defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest + tag is specified, or IfNotPresent otherwise. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler is + not called if the container crashes or exits. + The reason for termination is passed to + the handler. The Pod''s termination grace + period countdown begins before the PreStop + hooked is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination + grace period. Other management of the container + blocks until the hook completes or until + the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as + a DNS_LABEL. Each container in a pod must have + a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the + container. Exposing a port here gives the system + additional information about the network connections + a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which + is listening on the default "0.0.0.0" address + inside a container will be accessible from the + network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on + the pod's IP address. This must be a valid + port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on + the host. If specified, this must be a + valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should + run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults + to false. + type: boolean + procMount: + description: procMount denotes the type of + proc mount to use for the containers. The + default is DefaultProcMount which uses the + container runtime defaults for readonly + paths and masked paths. This requires the + ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a + read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, the + Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 + (root) and fail to start the container if + it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to user + specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the + Pod has successfully initialized. If specified, + no other probes are executed until this completes + successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. + This can be used to provide different probe + parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data + or warm a cache, than during steady-state operation. + This cannot be updated. This is a beta feature + enabled by the StartupProbe feature flag. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until + the first client attaches to stdin, and then + remains open and accepts data until the client + disconnects, at which time stdin is closed and + remains closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive an + EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to be + brief final status, such as an assertion failure + message. Will be truncated by the node if greater + than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. + FallbackToLogsOnError will use the last chunk + of container log output if the termination message + file is empty and the container exited with + an error. The log output is limited to 2048 + bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be + true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container at + which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should be + mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should + be mounted. Behaves similarly to SubPath + but environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If + not specified, the container runtime's default + will be used, which might be configured in the + container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated + DNS configuration based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. + This will be appended to the base nameservers + generated from DNSPolicy. Duplicated nameservers + will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This + will be merged with the base options generated + from DNSPolicy. Duplicated entries will be removed. + Resolution options given in Options will override + those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search + paths generated from DNSPolicy. Duplicated search + paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to + "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', + 'ClusterFirst', 'Default' or 'None'. DNS parameters + given in DNSConfig will be merged with the policy + selected with DNSPolicy. To have DNS options set along + with hostNetwork, you have to specify DNS policy explicitly + to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this + pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. + This list cannot be specified when creating a pod, + and it cannot be modified by updating the pod spec. + In order to add an ephemeral container to an existing + pod, use the pod's ephemeralcontainers subresource. + This field is alpha-level and is only honored by servers + that enable the EphemeralContainers feature. + items: + description: An EphemeralContainer is a container + that may be added temporarily to an existing pod + for user-initiated activities such as debugging. + Ephemeral containers have no resource or scheduling + guarantees, and they will not be restarted when + they exit or when a pod is removed or restarted. + If an ephemeral container causes a pod to exceed + its resource allocation, the pod may be evicted. + Ephemeral containers may not be added by directly + updating the pod spec. They must be added via the + pod's ephemeralcontainers subresource, and they + will appear in the pod spec once added. This is + an alpha feature enabled by the EphemeralContainers + feature flag. + properties: + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. The $(VAR_NAME) syntax can + be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when + the container is starting. When a key exists + in multiple sources, the value associated with + the last source will take precedence. Values + defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest + tag is specified, or IfNotPresent otherwise. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler is + not called if the container crashes or exits. + The reason for termination is passed to + the handler. The Pod''s termination grace + period countdown begins before the PreStop + hooked is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination + grace period. Other management of the container + blocks until the hook completes or until + the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the ephemeral container specified + as a DNS_LABEL. This name must be unique among + all containers, init containers and ephemeral + containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on + the pod's IP address. This must be a valid + port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on + the host. If specified, this must be a + valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: Resources are not allowed for ephemeral + containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: SecurityContext is not allowed for + ephemeral containers. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults + to false. + type: boolean + procMount: + description: procMount denotes the type of + proc mount to use for the containers. The + default is DefaultProcMount which uses the + container runtime defaults for readonly + paths and masked paths. This requires the + ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a + read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, the + Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 + (root) and fail to start the container if + it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to user + specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until + the first client attaches to stdin, and then + remains open and accepts data until the client + disconnects, at which time stdin is closed and + remains closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive an + EOF. Default is false + type: boolean + targetContainerName: + description: If set, the name of the container + from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces + (IPC, PID, etc) of this container. If not set + then the ephemeral container is run in whatever + namespaces are shared for the pod. Note that + the container runtime must support this feature. + type: string + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to be + brief final status, such as an assertion failure + message. Will be truncated by the node if greater + than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. + FallbackToLogsOnError will use the last chunk + of container log output if the termination message + file is empty and the container exited with + an error. The log output is limited to 2048 + bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be + true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container at + which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should be + mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should + be mounted. Behaves similarly to SubPath + but environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If + not specified, the container runtime's default + will be used, which might be configured in the + container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: HostAliases is an optional list of hosts + and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork + pods. + items: + description: HostAlias holds the mapping between IP + and hostnames that will be injected as an entry + in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: + Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. + Use the host's network namespace. If this option is + set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: + Default to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not + specified, the pod's hostname will be set to a system-defined + value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of + references to secrets in the same namespace to use + for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual + puller implementations for them to use. For example, + in the case of docker, only DockerConfig type secrets + are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + initContainers: + description: 'List of initialization containers belonging + to the pod. Init containers are executed in order + prior to containers being started. If any init container + fails, the pod is considered to have failed and is + handled according to its restartPolicy. The name for + an init container or normal container must be unique + among all containers. Init containers may not have + Lifecycle actions, Readiness probes, Liveness probes, + or Startup probes. The resourceRequirements of an + init container are taken into account during scheduling + by finding the highest request/limit for each resource + type, and then using the max of of that value or the + sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. The $(VAR_NAME) syntax can + be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when + the container is starting. When a key exists + in multiple sources, the value associated with + the last source will take precedence. Values + defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest + tag is specified, or IfNotPresent otherwise. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler is + not called if the container crashes or exits. + The reason for termination is passed to + the handler. The Pod''s termination grace + period countdown begins before the PreStop + hooked is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination + grace period. Other management of the container + blocks until the hook completes or until + the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as + a DNS_LABEL. Each container in a pod must have + a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the + container. Exposing a port here gives the system + additional information about the network connections + a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which + is listening on the default "0.0.0.0" address + inside a container will be accessible from the + network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on + the pod's IP address. This must be a valid + port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on + the host. If specified, this must be a + valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should + run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults + to false. + type: boolean + procMount: + description: procMount denotes the type of + proc mount to use for the containers. The + default is DefaultProcMount which uses the + container runtime defaults for readonly + paths and masked paths. This requires the + ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a + read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, the + Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 + (root) and fail to start the container if + it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to user + specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the + Pod has successfully initialized. If specified, + no other probes are executed until this completes + successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. + This can be used to provide different probe + parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data + or warm a cache, than during steady-state operation. + This cannot be updated. This is a beta feature + enabled by the StartupProbe feature flag. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until + the first client attaches to stdin, and then + remains open and accepts data until the client + disconnects, at which time stdin is closed and + remains closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive an + EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to be + brief final status, such as an assertion failure + message. Will be truncated by the node if greater + than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. + FallbackToLogsOnError will use the last chunk + of container log output if the termination message + file is empty and the container exited with + an error. The log output is limited to 2048 + bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be + true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container at + which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should be + mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should + be mounted. Behaves similarly to SubPath + but environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If + not specified, the container runtime's default + will be used, which might be configured in the + container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this + pod onto a specific node. If it is non-empty, the + scheduler simply schedules this pod onto that node, + assuming that it fits resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector which + must match a node''s labels for the pod to be scheduled + on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead + associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time + by the RuntimeClass admission controller. If the RuntimeClass + admission controller is enabled, overhead must not + be set in Pod create requests. The RuntimeClass admission + controller will reject Pod create requests which have + the overhead already set. If RuntimeClass is configured + and selected in the PodSpec, Overhead will be set + to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md + This field is alpha-level as of Kubernetes v1.16, + and is only honored by servers that enable the PodOverhead + feature.' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. This field + is alpha-level and is only honored by servers that + enable the NonPreemptingPriority feature. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When + Priority Admission Controller is enabled, it prevents + users from setting this field. The admission controller + populates this field from PriorityClassName. The higher + the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + "system-node-critical" and "system-cluster-critical" + are two special keywords which indicate the highest + priorities with the former being the highest priority. + Any other name must be defined by creating a PriorityClass + object with that name. If not specified, the pod priority + will be default or zero if there is no default. + type: string + readinessGates: + description: 'If specified, all readiness gates will + be evaluated for pod readiness. A pod is ready when + all its containers are ready AND all conditions specified + in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: 'Restart policy for all containers within + the pod. One of Always, OnFailure, Never. Default + to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + type: string + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass + object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches + the named class, the pod will not be run. If unset + or empty, the "legacy" RuntimeClass will be used, + which is an implicit class with an empty definition + that uses the default runtime handler. More info: + https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14.' + type: string + schedulerName: + description: If specified, the pod will be dispatched + by specified scheduler. If not specified, the pod + will be dispatched by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level security + attributes and common container settings. Optional: + Defaults to empty. See type description for default + values of each field.' + properties: + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The + owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be + owned by FSGroup) 3. The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not + modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the volume + before being exposed inside Pod. This field will + only apply to volume types which support fsGroup + based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + all containers. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first + process run in each container, in addition to + the container's primary GID. If unspecified, + no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls + (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated + alias for ServiceAccountName. Deprecated: Use serviceAccountName + instead.' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the + ServiceAccount to use to run this pod. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + shareProcessNamespace: + description: 'Share a single process namespace between + all of the containers in a pod. When this is set containers + will be able to view and signal processes from other + containers in the same pod, and the first process + in each container will not be assigned PID 1. HostPID + and ShareProcessNamespace cannot both be set. Optional: + Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have + a domainname at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully. May be decreased in delete + request. Value must be non-negative integer. The value + zero indicates delete immediately. If this value is + nil, the default grace period will be used instead. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer than + the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how + a group of pods ought to spread across topology domains. + Scheduler will schedule pods in a way which abides + by the constraints. This field is only honored by + clusters that enable the EvenPodsSpread feature. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. It''s + the maximum permitted difference between the + number of matching pods in any two topology + domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and + pods with the same labelSelector spread as 1/1/0: + | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be + scheduled to zone3 to become 1/1/1; scheduling + it onto zone1(zone2) would make the ActualSkew(2-0) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew + is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value + is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy the + spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s + considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates + "MaxSkew". For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only + be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can + still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: 'List of volumes that can be mounted by + containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + items: + type: object + type: array + required: + - containers + type: object + type: object + type: array + engineResources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + explainer: + properties: + config: + additionalProperties: + type: string + type: object + containerSpec: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a + shell. The docker image''s ENTRYPOINT is used if this + is not provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string + will be unchanged. The $(VAR_NAME) syntax can be escaped + with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images in + workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, the + container is terminated and restarted according + to its restart policy. Other management of the container + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. The + handler is not called if the container crashes or + exits. The reason for termination is passed to the + handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will + eventually terminate within the Pod''s termination + grace period. Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port + which is listening on the default "0.0.0.0" address + inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options from + the PodSecurityContext will be used. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If this + probe fails, the Pod will be restarted, just as if the + livenessProbe failed. This can be used to provide different + probe parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data or warm + a cache, than during steady-state operation. This cannot + be updated. This is a beta feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a raw + block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. + type: string + required: + - name + type: object + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + modelUri: + type: string + serviceAccountName: + type: string + type: + type: string + type: object + graph: + properties: + children: + items: + properties: + children: + items: + properties: + children: + items: + properties: + children: + items: + properties: + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload + logging. v2alpha1 feature that is + added to v1 for backwards compatibility + while v1 is the storage version. + properties: + mode: + description: What payloads to + log + type: string + url: + description: URL to send request + logging CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + type: object + type: array + serviceAccountName: + type: string + type: + type: string + type: object + type: array + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload logging. + v2alpha1 feature that is added to v1 for + backwards compatibility while v1 is the + storage version. + properties: + mode: + description: What payloads to log + type: string + url: + description: URL to send request logging + CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + type: object + type: array + serviceAccountName: + type: string + type: + type: string + type: object + type: array + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload logging. + v2alpha1 feature that is added to v1 for backwards + compatibility while v1 is the storage version. + properties: + mode: + description: What payloads to log + type: string + url: + description: URL to send request logging CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + type: object + type: array + serviceAccountName: + type: string + type: + type: string + type: object + type: array + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload logging. v2alpha1 + feature that is added to v1 for backwards compatibility + while v1 is the storage version. + properties: + mode: + description: What payloads to log + type: string + url: + description: URL to send request logging CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + type: object + type: array + serviceAccountName: + type: string + type: + type: string + type: object + type: array + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload logging. v2alpha1 feature + that is added to v1 for backwards compatibility while v1 + is the storage version. + properties: + mode: + description: What payloads to log + type: string + url: + description: URL to send request logging CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + serviceAccountName: + type: string + type: + type: string + required: + - name + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + replicas: + format: int32 + type: integer + shadow: + type: boolean + ssl: + properties: + certSecretName: + type: string + type: object + svcOrchSpec: + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + replicas: + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + type: object + traffic: + format: int32 + type: integer + required: + - graph + - name + type: object + type: array + protocol: + type: string + replicas: + format: int32 + type: integer + serverType: + type: string + transport: + type: string + required: + - predictors + type: object + status: + description: SeldonDeploymentStatus defines the observed state of SeldonDeployment + properties: + address: + description: 'Addressable placeholder until duckv1 issue is fixed: https://github.com/kubernetes-sigs/controller-tools/issues/391' + properties: + url: + type: string + type: object + deploymentStatus: + additionalProperties: + properties: + availableReplicas: + format: int32 + type: integer + description: + type: string + explainerFor: + type: string + name: + type: string + replicas: + format: int32 + type: integer + status: + type: string + type: object + type: object + description: + type: string + replicas: + format: int32 + type: integer + serviceStatus: + additionalProperties: + properties: + explainerFor: + type: string + grpcEndpoint: + type: string + httpEndpoint: + type: string + svcName: + type: string + type: object + type: object + state: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1alpha2 + served: true + storage: false + - name: v1alpha3 + served: true + storage: false diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/app.k8s.io_v1beta1_application_seldon-core-operator.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/app.k8s.io_v1beta1_application_seldon-core-operator.yaml new file mode 100644 index 0000000000..f1b4a2d313 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/app.k8s.io_v1beta1_application_seldon-core-operator.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: seldon + app.kubernetes.io/name: seldon-core-operator + name: seldon-core-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps/v1 + kind: StatefulSet + - group: v1 + kind: Service + - group: apps/v1 + kind: Deployment + - group: v1 + kind: Secret + - group: v1 + kind: ConfigMap + descriptor: + description: Seldon allows users to create ML Inference Graphs to deploy their + models and serve predictions + keywords: + - seldon + - inference + links: + - description: Docs + url: https://docs.seldon.io/projects/seldon-core/en/v1.1.0/ + maintainers: + - email: dev@seldon.io + name: Seldon + owners: + - email: dev@seldon.io + name: Seldon + type: seldon-core-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-1.2.1 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: seldon + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 1.2.1 diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/apps_v1_deployment_seldon-controller-manager.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/apps_v1_deployment_seldon-controller-manager.yaml new file mode 100644 index 0000000000..0d47a354ad --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/apps_v1_deployment_seldon-controller-manager.yaml @@ -0,0 +1,180 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + control-plane: seldon-controller-manager + name: seldon-controller-manager + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon1 + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: v0.5 + control-plane: seldon-controller-manager + template: + metadata: + annotations: + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon1 + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: v0.5 + control-plane: seldon-controller-manager + spec: + containers: + - args: + - --enable-leader-election + - --webhook-port=8443 + - --create-resources=$(MANAGER_CREATE_RESOURCES) + - "" + command: + - /manager + env: + - name: WATCH_NAMESPACE + value: "" + - name: RELATED_IMAGE_EXECUTOR + value: "" + - name: RELATED_IMAGE_ENGINE + value: "" + - name: RELATED_IMAGE_STORAGE_INITIALIZER + value: "" + - name: RELATED_IMAGE_SKLEARNSERVER_REST + value: "" + - name: RELATED_IMAGE_SKLEARNSERVER_GRPC + value: "" + - name: RELATED_IMAGE_XGBOOSTSERVER_REST + value: "" + - name: RELATED_IMAGE_XGBOOSTSERVER_GRPC + value: "" + - name: RELATED_IMAGE_MLFLOWSERVER_REST + value: "" + - name: RELATED_IMAGE_MLFLOWSERVER_GRPC + value: "" + - name: RELATED_IMAGE_TFPROXY_REST + value: "" + - name: RELATED_IMAGE_TFPROXY_GRPC + value: "" + - name: RELATED_IMAGE_TENSORFLOW + value: "" + - name: RELATED_IMAGE_EXPLAINER + value: "" + - name: RELATED_IMAGE_MOCK_CLASSIFIER + value: "" + - name: MANAGER_CREATE_RESOURCES + value: "false" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONTROLLER_ID + value: "" + - name: AMBASSADOR_ENABLED + value: "true" + - name: AMBASSADOR_SINGLE_NAMESPACE + value: "false" + - name: ENGINE_CONTAINER_IMAGE_AND_VERSION + value: docker.io/seldonio/engine:1.4.0 + - name: ENGINE_CONTAINER_IMAGE_PULL_POLICY + value: IfNotPresent + - name: ENGINE_CONTAINER_SERVICE_ACCOUNT_NAME + value: default + - name: ENGINE_CONTAINER_USER + value: "8888" + - name: ENGINE_LOG_MESSAGES_EXTERNALLY + value: "false" + - name: PREDICTIVE_UNIT_SERVICE_PORT + value: "9000" + - name: PREDICTIVE_UNIT_DEFAULT_ENV_SECRET_REF_NAME + value: "" + - name: PREDICTIVE_UNIT_METRICS_PORT_NAME + value: metrics + - name: ENGINE_SERVER_GRPC_PORT + value: "5001" + - name: ENGINE_SERVER_PORT + value: "8000" + - name: ENGINE_PROMETHEUS_PATH + value: /prometheus + - name: ISTIO_ENABLED + value: "true" + - name: KEDA_ENABLED + value: "false" + - name: ISTIO_GATEWAY + value: kubeflow/kubeflow-gateway + - name: ISTIO_TLS_MODE + value: "" + - name: USE_EXECUTOR + value: "true" + - name: EXECUTOR_CONTAINER_IMAGE_AND_VERSION + value: docker.io/seldonio/seldon-core-executor:1.4.0 + - name: EXECUTOR_CONTAINER_IMAGE_PULL_POLICY + value: IfNotPresent + - name: EXECUTOR_PROMETHEUS_PATH + value: /prometheus + - name: EXECUTOR_SERVER_PORT + value: "8000" + - name: EXECUTOR_CONTAINER_USER + value: "8888" + - name: EXECUTOR_CONTAINER_SERVICE_ACCOUNT_NAME + value: default + - name: EXECUTOR_SERVER_METRICS_PORT_NAME + value: metrics + - name: EXECUTOR_REQUEST_LOGGER_DEFAULT_ENDPOINT + value: http://default-broker + - name: DEFAULT_USER_ID + value: "8888" + - name: EXECUTOR_DEFAULT_CPU_REQUEST + value: 500m + - name: EXECUTOR_DEFAULT_MEMORY_REQUEST + value: 512Mi + - name: EXECUTOR_DEFAULT_CPU_LIMIT + value: 500m + - name: EXECUTOR_DEFAULT_MEMORY_LIMIT + value: 512Mi + - name: ENGINE_DEFAULT_CPU_REQUEST + value: 500m + - name: ENGINE_DEFAULT_MEMORY_REQUEST + value: 512Mi + - name: ENGINE_DEFAULT_CPU_LIMIT + value: 500m + - name: ENGINE_DEFAULT_MEMORY_LIMIT + value: 512Mi + image: docker.io/seldonio/seldon-core-operator:1.4.0 + imagePullPolicy: IfNotPresent + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 500m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + serviceAccountName: seldon-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: seldon-webhook-server-cert diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/cert-manager.io_v1alpha2_certificate_seldon-serving-cert.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/cert-manager.io_v1alpha2_certificate_seldon-serving-cert.yaml new file mode 100644 index 0000000000..6c3efd48e1 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/cert-manager.io_v1alpha2_certificate_seldon-serving-cert.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-serving-cert + namespace: kubeflow +spec: + commonName: seldon-webhook-service.kubeflow.svc + dnsNames: + - seldon-webhook-service.kubeflow.svc.cluster.local + - seldon-webhook-service.kubeflow.svc + issuerRef: + kind: Issuer + name: seldon-selfsigned-issuer + secretName: seldon-webhook-server-cert diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/cert-manager.io_v1alpha2_issuer_seldon-selfsigned-issuer.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/cert-manager.io_v1alpha2_issuer_seldon-selfsigned-issuer.yaml new file mode 100644 index 0000000000..6e4d81dd4d --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/cert-manager.io_v1alpha2_issuer_seldon-selfsigned-issuer.yaml @@ -0,0 +1,13 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Issuer +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-selfsigned-issuer + namespace: kubeflow +spec: + selfSigned: {} diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-role-kubeflow.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-role-kubeflow.yaml new file mode 100644 index 0000000000..c90e2e5b38 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-role-kubeflow.yaml @@ -0,0 +1,227 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-manager-role-kubeflow +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers/status + verbs: + - get + - patch + - update +- apiGroups: + - keda.sh + resources: + - scaledobjects + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keda.sh + resources: + - scaledobjects/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keda.sh + resources: + - scaledobjects/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments/finalizers + verbs: + - get + - patch + - update +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.istio.io + resources: + - destinationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.istio.io + resources: + - destinationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.istio.io + resources: + - virtualservices/status + verbs: + - get + - patch + - update +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets/status + verbs: + - get + - patch + - update +- apiGroups: + - v1 + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - v1 + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - v1 + resources: + - services/status + verbs: + - get + - patch + - update diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-sas-role-kubeflow.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-sas-role-kubeflow.yaml new file mode 100644 index 0000000000..b60307725c --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-sas-role-kubeflow.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-manager-sas-role-kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-rolebinding-kubeflow.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-rolebinding-kubeflow.yaml new file mode 100644 index 0000000000..5b0af429d6 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-rolebinding-kubeflow.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-manager-rolebinding-kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: seldon-manager-role-kubeflow +subjects: +- kind: ServiceAccount + name: seldon-manager + namespace: kubeflow diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-sas-rolebinding-kubeflow.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-sas-rolebinding-kubeflow.yaml new file mode 100644 index 0000000000..9df2a4c962 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-sas-rolebinding-kubeflow.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-manager-sas-rolebinding-kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: seldon-manager-sas-role-kubeflow +subjects: +- kind: ServiceAccount + name: seldon-manager + namespace: kubeflow diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_role_seldon-leader-election-role.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_role_seldon-leader-election-role.yaml new file mode 100644 index 0000000000..f53272dc20 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_role_seldon-leader-election-role.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-leader-election-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_seldon-leader-election-rolebinding.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_seldon-leader-election-rolebinding.yaml new file mode 100644 index 0000000000..07b8ffc17b --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_seldon-leader-election-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-leader-election-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: seldon-leader-election-role +subjects: +- kind: ServiceAccount + name: seldon-manager + namespace: kubeflow diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml new file mode 100644 index 0000000000..8e699a0a15 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + clusterdomain: "" + namespace: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-f5fk62kk74 + namespace: kubeflow diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_configmap_seldon-config.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_configmap_seldon-config.yaml new file mode 100644 index 0000000000..fd6cd9f3cb --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_configmap_seldon-config.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +data: + credentials: '{"gcs":{"gcsCredentialFileName":"gcloud-application-credentials.json"},"s3":{"s3AccessKeyIDName":"awsAccessKeyID","s3SecretAccessKeyName":"awsSecretAccessKey"}}' + explainer: '{"image":"seldonio/alibiexplainer:1.4.0"}' + predictor_servers: '{"MLFLOW_SERVER":{"grpc":{"defaultImageVersion":"1.4.0","image":"seldonio/mlflowserver_grpc"},"rest":{"defaultImageVersion":"1.4.0","image":"seldonio/mlflowserver_rest"}},"SKLEARN_SERVER":{"grpc":{"defaultImageVersion":"1.4.0","image":"seldonio/sklearnserver_grpc"},"protocols":{"kfserving":{"defaultImageVersion":"0.1.0","image":"seldonio/mlserver"}},"rest":{"defaultImageVersion":"1.4.0","image":"seldonio/sklearnserver_rest"}},"TENSORFLOW_SERVER":{"grpc":{"defaultImageVersion":"1.4.0","image":"seldonio/tfserving-proxy_grpc"},"rest":{"defaultImageVersion":"1.4.0","image":"seldonio/tfserving-proxy_rest"},"tensorflow":true,"tfImage":"tensorflow/serving:2.1.0"},"TRITON_SERVER":{"grpc":{"defaultImageVersion":"20.08-py3","image":"nvcr.io/nvidia/tritonserver"},"rest":{"defaultImageVersion":"20.08-py3","image":"nvcr.io/nvidia/tritonserver"}},"XGBOOST_SERVER":{"grpc":{"defaultImageVersion":"1.4.0","image":"seldonio/xgboostserver_grpc"},"protocols":{"kfserving":{"defaultImageVersion":"0.1.0","image":"seldonio/mlserver"}},"rest":{"defaultImageVersion":"1.4.0","image":"seldonio/xgboostserver_rest"}}}' + storageInitializer: '{"cpuLimit":"1","cpuRequest":"100m","image":"gcr.io/kfserving/storage-initializer:v0.4.0","memoryLimit":"1Gi","memoryRequest":"100Mi"}' +kind: ConfigMap +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + control-plane: seldon-controller-manager + name: seldon-config + namespace: kubeflow diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_service_seldon-webhook-service.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_service_seldon-webhook-service.yaml new file mode 100644 index 0000000000..423e612efa --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_service_seldon-webhook-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-webhook-service + namespace: kubeflow +spec: + ports: + - port: 8443 + targePort: 8443 + targetPort: 443 + selector: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon1 + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: v0.5 + control-plane: seldon-controller-manager diff --git a/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_serviceaccount_seldon-manager.yaml b/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_serviceaccount_seldon-manager.yaml new file mode 100644 index 0000000000..c25f425f49 --- /dev/null +++ b/tests/stacks/openshift/application/seldon/test_data/expected/~g_v1_serviceaccount_seldon-manager.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.4.0 + name: seldon-manager + namespace: kubeflow diff --git a/tests/stacks/openshift/application/tf-job/kustomize_test.go b/tests/stacks/openshift/application/tf-job/kustomize_test.go new file mode 100644 index 0000000000..3682f501eb --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/kustomize_test.go @@ -0,0 +1,15 @@ +package tf_job + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/openshift/application/tf-job", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml new file mode 100644 index 0000000000..ebfcefbc9b --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tfjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: TFJob + plural: tfjobs + singular: tfjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + tfReplicaSpecs: + properties: + Chief: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + PS: + properties: + replicas: + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml new file mode 100644 index 0000000000..fc9715bb53 --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tf-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-job-crds contains the "TFJob" custom resource definition. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml new file mode 100644 index 0000000000..6e38dd861e --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml @@ -0,0 +1,47 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-operator allows users to create and manage the "TFJob" custom + resource. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/apps_v1_deployment_tf-job-operator.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/apps_v1_deployment_tf-job-operator.yaml new file mode 100644 index 0000000000..8ecdd25f1b --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/apps_v1_deployment_tf-job-operator.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + spec: + containers: + - args: + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/tf_operator:vmaster-gda226016 + name: tf-job-operator + serviceAccountName: tf-job-operator diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml new file mode 100644 index 0000000000..03147422e8 --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-tfjobs-admin +rules: [] diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml new file mode 100644 index 0000000000..942e4a625a --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" + name: kubeflow-tfjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml new file mode 100644 index 0000000000..3ebf508e03 --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-tfjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml new file mode 100644 index 0000000000..ac48bdc241 --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml @@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + - tfjobs/finalizers + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - '*' diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml new file mode 100644 index 0000000000..b69f8e4e4b --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tf-job-operator +subjects: +- kind: ServiceAccount + name: tf-job-operator + namespace: kubeflow diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/~g_v1_service_tf-job-operator.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/~g_v1_service_tf-job-operator.yaml new file mode 100644 index 0000000000..a13b8ac441 --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/~g_v1_service_tf-job-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + type: ClusterIP diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml new file mode 100644 index 0000000000..3e0982e277 --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-dashboard + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-dashboard + namespace: kubeflow diff --git a/tests/stacks/openshift/application/tf-job/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml b/tests/stacks/openshift/application/tf-job/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml new file mode 100644 index 0000000000..f7bf874b73 --- /dev/null +++ b/tests/stacks/openshift/application/tf-job/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow diff --git a/tests/stacks/openshift/kustomize_test.go b/tests/stacks/openshift/kustomize_test.go new file mode 100644 index 0000000000..4a884375c6 --- /dev/null +++ b/tests/stacks/openshift/kustomize_test.go @@ -0,0 +1,15 @@ +package openshift + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../stacks/openshift", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/openshift/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml b/tests/stacks/openshift/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml new file mode 100644 index 0000000000..c299e91151 --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml @@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + kustomize.component: profiles + name: profiles.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: Profile + plural: profiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If the + Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + type: object + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + type: string + description: 'hard is the set of desired hard limits for each named + resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a selector + that contains values, a scope name, and an operator that + relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a set + of values. Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies + to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all objects. + items: + description: A ResourceQuotaScope defines a filter that must match + each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 + served: true + storage: false diff --git a/tests/stacks/openshift/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml b/tests/stacks/openshift/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml new file mode 100644 index 0000000000..a77aa95832 --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml @@ -0,0 +1,57 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a Dashboard UI for kubeflow + keywords: + - centraldashboard + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/centraldashboard + maintainers: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + owners: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + type: centraldashboard + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/instance: centraldashboard-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: centraldashboard + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/openshift/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml b/tests/stacks/openshift/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml new file mode 100644 index 0000000000..fc90772a0b --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml @@ -0,0 +1,44 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: kubeflow.org + kind: Profile + descriptor: + description: "" + keywords: + - profiles + - kubeflow + links: + - description: profiles + url: https://github.com/kubeflow/kubeflow/tree/master/components/profile-controller + - description: kfam + url: https://github.com/kubeflow/kubeflow/tree/master/components/access-management + maintainers: + - email: kunming@google.com + name: Kunming Qu + owners: + - email: kunming@google.com + name: Kunming Qu + type: profiles + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/instance: profiles-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: profiles + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/openshift/test_data/expected/apps_v1_deployment_centraldashboard.yaml b/tests/stacks/openshift/test_data/expected/apps_v1_deployment_centraldashboard.yaml new file mode 100644 index 0000000000..5acdaad94c --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/apps_v1_deployment_centraldashboard.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + spec: + containers: + - env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-f5fk62kk74 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-f5fk62kk74 + image: gcr.io/kubeflow-images-public/centraldashboard:vmaster-gd601b2d0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 30 + periodSeconds: 30 + name: centraldashboard + ports: + - containerPort: 8082 + protocol: TCP + serviceAccountName: centraldashboard diff --git a/tests/stacks/openshift/test_data/expected/apps_v1_deployment_profiles-deployment.yaml b/tests/stacks/openshift/test_data/expected/apps_v1_deployment_profiles-deployment.yaml new file mode 100644 index 0000000000..4b121898fa --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/apps_v1_deployment_profiles-deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kustomize.component: profiles + name: profiles-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + kustomize.component: profiles + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + kustomize.component: profiles + spec: + containers: + - args: null + command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-f5fk62kk74 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-f5fk62kk74 + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + key: gcp-sa + name: profiles-profiles-config-4mgcmtgk6t + image: quay.io/kubeflow/profile-controller:v1.1.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + ports: + - containerPort: 8080 + name: manager-http + protocol: TCP + - args: null + command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + - -userid-header + - $(USERID_HEADER) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-f5fk62kk74 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-f5fk62kk74 + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + key: admin + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/kfam:vmaster-gf3e09203 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + name: kfam + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP + serviceAccountName: profiles-controller-service-account diff --git a/tests/stacks/openshift/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml b/tests/stacks/openshift/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml new file mode 100644 index 0000000000..b08a52c193 --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: / + rewrite: + uri: / + route: + - destination: + host: centraldashboard.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/openshift/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml b/tests/stacks/openshift/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml new file mode 100644 index 0000000000..1bfe3a5c76 --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /kfam + match: + - uri: + prefix: /kfam/ + rewrite: + uri: /kfam/ + route: + - destination: + host: profiles-kfam.kubeflow.svc.cluster.local + port: + number: 8081 diff --git a/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml new file mode 100644 index 0000000000..7491bff88e --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +rules: +- apiGroups: + - "" + resources: + - events + - namespaces + - nodes + verbs: + - get + - list + - watch diff --git a/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml new file mode 100644 index 0000000000..d06cac3fd8 --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml new file mode 100644 index 0000000000..663e87dbcd --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + kustomize.component: profiles + name: profiles-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml new file mode 100644 index 0000000000..8bd0261ab6 --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml @@ -0,0 +1,29 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +rules: +- apiGroups: + - "" + - app.k8s.io + resources: + - applications + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get diff --git a/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml new file mode 100644 index 0000000000..c1c4c30793 --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/openshift/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml b/tests/stacks/openshift/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml new file mode 100644 index 0000000000..8e699a0a15 --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/~g_v1_configmap_kubeflow-config-f5fk62kk74.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + clusterdomain: "" + namespace: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-f5fk62kk74 + namespace: kubeflow diff --git a/tests/stacks/openshift/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml b/tests/stacks/openshift/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml new file mode 100644 index 0000000000..e77d6f69ed --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + admin: "" + gcp-sa: "" +kind: ConfigMap +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles-config-4mgcmtgk6t + namespace: kubeflow diff --git a/tests/stacks/openshift/test_data/expected/~g_v1_service_centraldashboard.yaml b/tests/stacks/openshift/test_data/expected/~g_v1_service_centraldashboard.yaml new file mode 100644 index 0000000000..3f50af45e4 --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/~g_v1_service_centraldashboard.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: centralui-mapping + prefix: / + rewrite: / + service: centraldashboard.$(namespace) + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 8082 + selector: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + sessionAffinity: None + type: ClusterIP diff --git a/tests/stacks/openshift/test_data/expected/~g_v1_service_profiles-kfam.yaml b/tests/stacks/openshift/test_data/expected/~g_v1_service_profiles-kfam.yaml new file mode 100644 index 0000000000..db1f50bd7d --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/~g_v1_service_profiles-kfam.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + ports: + - port: 8081 + selector: + kustomize.component: profiles diff --git a/tests/stacks/openshift/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml b/tests/stacks/openshift/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml new file mode 100644 index 0000000000..55deba785d --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/openshift/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/openshift/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml new file mode 100644 index 0000000000..881ccbf1bd --- /dev/null +++ b/tests/stacks/openshift/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: profiles + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-controller.yaml index f4365dfcb4..5e4f7428b9 100644 --- a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-controller.yaml +++ b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -51,7 +51,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-controller:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-controller ports: diff --git a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-db-manager.yaml index fa5dfefaee..8ac90c6c32 100644 --- a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-db-manager.yaml +++ b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -50,7 +50,7 @@ spec: secretKeyRef: key: MYSQL_ROOT_PASSWORD name: katib-mysql-secrets - image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-ui.yaml index 573c31aa39..d5972b7767 100644 --- a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-ui.yaml +++ b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -49,7 +49,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/kubeflowkatib/katib-ui:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 imagePullPolicy: IfNotPresent name: katib-ui ports: diff --git a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml index c415a32c8f..6793a30835 100644 --- a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml +++ b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -84,6 +84,7 @@ rules: - tekton.dev resources: - pipelineruns + - taskruns verbs: - '*' - apiGroups: diff --git a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/~g_v1_configmap_katib-config.yaml index 7f00306941..d764d91d2c 100644 --- a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/~g_v1_configmap_katib-config.yaml +++ b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -3,20 +3,20 @@ data: early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", "imagePullPolicy": "Always" } } metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", "resources": { "limits": { "memory": "1Gi" @@ -27,22 +27,22 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-6dc1af8", + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", "imagePullPolicy": "Always", "resources": { "limits": { @@ -51,10 +51,10 @@ data: } }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-6dc1af8" + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" } } kind: ConfigMap diff --git a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/~g_v1_configmap_trial-template.yaml index 9d2dd76448..38c502dda2 100644 --- a/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/~g_v1_configmap_trial-template.yaml +++ b/tests/tests/legacy_kustomizations/katib-controller/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -8,7 +8,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -25,7 +25,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-6dc1af8 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 command: - python3 - -u