From 22f11d2c9f37b0b468b20582dd61eb63bb880184 Mon Sep 17 00:00:00 2001 From: Vedant Shrotria <40681425+Jonsy13@users.noreply.github.com> Date: Mon, 15 Nov 2021 14:24:40 +0530 Subject: [PATCH] Adding manifests for v2.3.0 ChaosCenter (#3335) * Adding manifests for v2.3.0 ChaosCenter Signed-off-by: Jonsy13 * Adding manifests for v2.3.0 ChaosCenter Signed-off-by: Jonsy13 * Added initContainer for version upgrade. Signed-off-by: Jonsy13 * Added initContainer for version upgrade. Signed-off-by: Jonsy13 --- litmus-portal/README.md | 6 +- litmus-portal/cluster-k8s-manifest.yml | 25 + litmus-portal/namespaced-k8s-template.yml | 25 + .../litmus-portal-dev-manifest-template.yml | 25 + mkdocs/docs/2.3.0/litmus-2.3.0.yaml | 737 ++++++++++++++++++ .../docs/2.3.0/litmus-namespaced-2.3.0.yaml | 707 +++++++++++++++++ 6 files changed, 1522 insertions(+), 3 deletions(-) create mode 100644 mkdocs/docs/2.3.0/litmus-2.3.0.yaml create mode 100644 mkdocs/docs/2.3.0/litmus-namespaced-2.3.0.yaml diff --git a/litmus-portal/README.md b/litmus-portal/README.md index adddbe58bf8..a554469b09b 100644 --- a/litmus-portal/README.md +++ b/litmus-portal/README.md @@ -22,10 +22,10 @@ Litmus-Portal provides console and UI experience for managing, monitoring, and e #### Applying k8s manifest -> Litmus-2.2.0 (Stable) +> Litmus-2.3.0 (Stable) ```bash -kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/2.2.0/mkdocs/docs/2.2.0/litmus-2.2.0.yaml +kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/2.3.0/mkdocs/docs/2.3.0/litmus-2.3.0.yaml ``` Or @@ -44,7 +44,7 @@ Or export LITMUS_PORTAL_NAMESPACE="" kubectl create ns ${LITMUS_PORTAL_NAMESPACE} kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/litmus-portal-crds.yml -curl https://raw.githubusercontent.com/litmuschaos/litmus/2.2.0/mkdocs/docs/2.2.0/litmus-namespaced-2.2.0.yaml --output litmus-portal-namespaced-k8s-template.yml +curl https://raw.githubusercontent.com/litmuschaos/litmus/2.3.0/mkdocs/docs/2.3.0/litmus-namespaced-2.3.0.yaml --output litmus-portal-namespaced-k8s-template.yml envsubst '${LITMUS_PORTAL_NAMESPACE}' < litmus-portal-namespaced-k8s-template.yml > ${LITMUS_PORTAL_NAMESPACE}-ns-scoped-litmus-portal-manifest.yml kubectl apply -f ${LITMUS_PORTAL_NAMESPACE}-ns-scoped-litmus-portal-manifest.yml -n ${LITMUS_PORTAL_NAMESPACE} ``` diff --git a/litmus-portal/cluster-k8s-manifest.yml b/litmus-portal/cluster-k8s-manifest.yml index 7adb89731c4..71a09669261 100644 --- a/litmus-portal/cluster-k8s-manifest.yml +++ b/litmus-portal/cluster-k8s-manifest.yml @@ -563,6 +563,31 @@ spec: [ "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", ] + - name: server-version-updater + image: litmuschaos/mongo-utils:latest + command: ["/bin/sh"] + args: ["-c"," mongo $DB_SERVER --username $DB_USER --password $DB_PASSWORD --eval 'db=db.getSiblingDB(\"litmus\");db.getCollection(\"server-config-collection\").updateOne({\"key\":\"version\"},{ \"$set\":{ \"value\":\"'$VERSION'\"}})'"] + env: + - name: VERSION + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: VERSION + - name: DB_USER + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DB_SERVER containers: - name: graphql-server image: litmuschaos/litmusportal-server:ci diff --git a/litmus-portal/namespaced-k8s-template.yml b/litmus-portal/namespaced-k8s-template.yml index 3dd8b19da6c..00f2247c781 100644 --- a/litmus-portal/namespaced-k8s-template.yml +++ b/litmus-portal/namespaced-k8s-template.yml @@ -544,6 +544,31 @@ spec: [ "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", ] + - name: server-version-updater + image: litmuschaos/mongo-utils:latest + command: ["/bin/sh"] + args: ["-c"," mongo $DB_SERVER --username $DB_USER --password $DB_PASSWORD --eval 'db=db.getSiblingDB(\"litmus\");db.getCollection(\"server-config-collection\").updateOne({\"key\":\"version\"},{ \"$set\":{ \"value\":\"'$VERSION'\"}})'"] + env: + - name: VERSION + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: VERSION + - name: DB_USER + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DB_SERVER containers: - name: graphql-server image: litmuschaos/litmusportal-server:ci diff --git a/litmus-portal/platforms/okteto/litmus-portal-dev-manifest-template.yml b/litmus-portal/platforms/okteto/litmus-portal-dev-manifest-template.yml index ed0bf0faf1d..30bfac03285 100644 --- a/litmus-portal/platforms/okteto/litmus-portal-dev-manifest-template.yml +++ b/litmus-portal/platforms/okteto/litmus-portal-dev-manifest-template.yml @@ -548,6 +548,31 @@ spec: [ "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", ] + - name: server-version-updater + image: litmuschaos/mongo-utils:latest + command: ["/bin/sh"] + args: ["-c"," mongo $DB_SERVER --username $DB_USER --password $DB_PASSWORD --eval 'db=db.getSiblingDB(\"litmus\");db.getCollection(\"server-config-collection\").updateOne({\"key\":\"version\"},{ \"$set\":{ \"value\":\"'$VERSION'\"}})'"] + env: + - name: VERSION + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: VERSION + - name: DB_USER + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DB_SERVER containers: - name: graphql-server image: litmuschaos/litmusportal-server:ci diff --git a/mkdocs/docs/2.3.0/litmus-2.3.0.yaml b/mkdocs/docs/2.3.0/litmus-2.3.0.yaml new file mode 100644 index 00000000000..e232af102fa --- /dev/null +++ b/mkdocs/docs/2.3.0/litmus-2.3.0.yaml @@ -0,0 +1,737 @@ +### RBAC Manifests +## If SELF_CLUSTER="true" then these permissions are required to apply +## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/1b_argo_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-cr-for-litmusportal-server +rules: +- apiGroups: [""] + resources: [pods, pods/exec] + verbs: [create, get, list, watch, update, patch, delete] +- apiGroups: [""] + resources: [configmaps] + verbs: [get, watch, list] +- apiGroups: [""] + resources: [persistentvolumeclaims] + verbs: [create, delete] +- apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers] + verbs: [get, list, watch, update, patch, delete, create] +- apiGroups: [argoproj.io] + resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [serviceaccounts] + verbs: [get, list] +- apiGroups: [argoproj.io] + resources: [cronworkflows, cronworkflows/finalizers] + verbs: [get, list, watch, update, patch, delete] +- apiGroups: [""] + resources: [events] + verbs: [create, patch] +- apiGroups: [policy] + resources: [poddisruptionbudgets] + verbs: [create, get, delete] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: litmus-cluster-scope-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.0.0 + app.kubernetes.io/component: operator-clusterrole + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-cluster-scope-for-litmusportal-server +rules: + - apiGroups: [""] + resources: [replicationcontrollers, secrets] + verbs: [get, list] + - apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] + - apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list] + - apiGroups: [batch] + resources: [jobs] + verbs: [get, list, deletecollection] + - apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list] + - apiGroups: [""] + resources: [pods, configmaps, events, services] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [list, get] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: litmus-cluster-scope-crb-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.0.0 + app.kubernetes.io/component: operator-clusterrolebinding + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-cluster-scope-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: litmus-cluster-scope-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: litmus-admin-cr-for-litmusportal-server + labels: + name: litmus-admin-cr-for-litmusportal-server +rules: + # *************************************************************************************** + # Permissions needed for preparing and monitor the chaos resources by chaos-runner + # *************************************************************************************** + + # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment.. + ## .. by creating the chaos-runner + + # for creating and monitoring the chaos-runner pods +- apiGroups: [""] + resources: [pods,events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for fetching configmaps and secrets to inject into chaos-runner pod (if specified) +- apiGroups: [""] + resources: [secrets, configmaps] + verbs: [get, list] + + # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner +- apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for configuring and monitor the experiment job by chaos-runner pod +- apiGroups: [batch] + resources: [jobs] + verbs: [create, list, get, delete, deletecollection] + + # ******************************************************************** + # Permissions needed for creation and discovery of chaos experiments + # ******************************************************************** + + # The helper pods are created by experiment to perform the actual chaos injection ... + # ... for a period of chaos duration + + # for creating and deleting the helper or target app pod and events by experiment +- apiGroups: [""] + resources: [pods] + verbs: [create, delete, deletecollection] + + # for creating and monitoring the events for chaos operations +- apiGroups: [""] + resources: [events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for monitoring the helper and target app pod +- apiGroups: [""] + resources: [pods] + verbs: [get, list, patch, update] + + # for creating and managing to execute comands inside target container +- apiGroups: [""] + resources: [pods/exec, pods/eviction, replicationcontrollers] + verbs: [get,list,create] + + # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment +- apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for creating and monitoring liveness services or monitoring target app services during chaos injection +- apiGroups: [""] + resources: [services] + verbs: [create, delete, get, list, delete, deletecollection] + + # for checking the app parent resources as deployments or sts and are eligible chaos candidates +- apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [list, get, patch, update, create, delete] + + # for checking the app parent resources as replicasets and are eligible chaos candidates +- apiGroups: [apps] + resources: [replicasets] + verbs: [list, get] + + # for checking the app parent resources as deamonsets and are eligible chaos candidates +- apiGroups: [apps] + resources: [daemonsets] + verbs: [list, get, delete] + + # for checking (openshift) app parent resources if they are eligible chaos candidates +- apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [list, get] + + # for checking (argo) app parent resources if they are eligible chaos candidates +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [list, get] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow +- apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [create, list, get, patch, update, delete] + + # for experiment to perform node status checks and other node level operations like taint, drain in the experiment. +- apiGroups: [""] + resources: [nodes] + verbs: [patch, get, list, update] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: litmus-admin-crb-for-litmusportal-server + labels: + name: litmus-admin-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: litmus-admin-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chaos-cr-for-litmusportal-server +rules: + # for managing the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods, services, namespaces] + verbs: [create, get, watch, patch, delete, list] + + # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods/log, secrets, configmaps] + verbs: [get, watch, create, delete, patch] + + # for creation & deletion of application in predefined workflows + - apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [get, watch, patch, create, delete] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules] + verbs: [create, list, get, patch, delete, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chaos-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chaos-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: subscriber-cr-for-litmusportal-server + namespace: litmus + labels: + name: subscriber-cr-for-litmusportal-server +rules: +- apiGroups: [""] + resources: [configmaps] + verbs: [get, create, delete, update] +- apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [pods, namespaces, nodes, services] + verbs: [get, list, watch] +- apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosschedules, chaosresults] + verbs: [get, list, create, delete, update, watch] +- apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] +- apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list, delete] +- apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts] + verbs: [get, list, create, delete, update, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: subscriber-crb-for-litmusportal-server + namespace: litmus +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +roleRef: + kind: ClusterRole + name: subscriber-cr-for-litmusportal-server + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: event-tracker-cr-for-litmusportal-server +rules: +- apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies] + verbs: [create, delete, get, list, patch, update, watch] +- apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies/status] + verbs: [get, patch, update] +- apiGroups: ["", extensions, apps] + resources: [deployments, daemonsets, statefulsets, pods, configmaps] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: event-tracker-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: event-tracker-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +# litmus-server-cr is used by the litmusportal-server +# If SELF_CLUSTER=false, then only litmus-server-cr and litmus-server-crb are required. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: litmus-server-cr +rules: + - apiGroups: [networking.k8s.io, extensions] + resources: [ingresses] + verbs: [get] + - apiGroups: [""] + resources: [services, nodes, pods/log] + verbs: [get, watch] + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [create] + - apiGroups: [apps] + resources: [deployments] + verbs: [create] + - apiGroups: [""] + resources: [configmaps] + verbs: [get] + - apiGroups: [""] + resources: [serviceaccounts] + verbs: [create] + - apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings, roles, clusterrolebindings, clusterroles] + verbs: [create] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: litmus-server-crb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: litmus-server-cr +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +## Control plane manifests +--- +apiVersion: v1 +kind: Namespace +metadata: + name: litmus +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: litmus-server-account + namespace: litmus +--- +apiVersion: v1 +kind: Secret +metadata: + name: litmus-portal-admin-secret + namespace: litmus +stringData: + JWT_SECRET: "litmus-portal@123" + DB_USER: "admin" + DB_PASSWORD: "1234" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmus-portal-admin-config + namespace: litmus +data: + DB_SERVER: "mongodb://mongo-service:27017" + AGENT_SCOPE: cluster + AGENT_NAMESPACE: litmus + VERSION: "2.3.0" + # Configurations if you are using dex for OAuth + DEX_ENABLED: "false" + OIDC_ISSUER: "http://:32000" + DEX_OAUTH_CALLBACK_URL: "http://:8080/auth/dex/callback" + DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend" + DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0" + OAuthJwtSecret: "litmus-oauth@123" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmusportal-frontend-nginx-configuration + namespace: litmus +data: + default.conf: | + server { + listen 8080; + server_name localhost; + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri /index.html; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + + location /auth/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9003/"; + } + + location /api/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + + location /ws/ { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + } +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-frontend + namespace: litmus + labels: + component: litmusportal-frontend +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-frontend + template: + metadata: + labels: + component: litmusportal-frontend + spec: + containers: + - name: litmusportal-frontend + image: litmuschaos/litmusportal-frontend:2.3.0 + imagePullPolicy: Always + ports: + - containerPort: 8080 + env: + - name: AGENT_SCOPE + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: AGENT_SCOPE + volumeMounts: + - name: nginx-config + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf + volumes: + - name: nginx-config + configMap: + name: litmusportal-frontend-nginx-configuration +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-frontend-service + namespace: litmus +spec: + type: NodePort + ports: + - name: http + port: 9091 + targetPort: 8080 + selector: + component: litmusportal-frontend +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-server + namespace: litmus + labels: + component: litmusportal-server +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-server + template: + metadata: + labels: + component: litmusportal-server + spec: + initContainers: + - name: wait-for-mongodb + image: litmuschaos/curl:latest + command: ["/bin/sh", "-c"] + args: + [ + "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", + ] + - name: server-version-updater + image: litmuschaos/mongo-utils:latest + command: ["/bin/sh"] + args: ["-c"," mongo $DB_SERVER --username $DB_USER --password $DB_PASSWORD --eval 'db=db.getSiblingDB(\"litmus\");db.getCollection(\"server-config-collection\").updateOne({\"key\":\"version\"},{ \"$set\":{ \"value\":\"'$VERSION'\"}})'"] + env: + - name: VERSION + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: VERSION + - name: DB_USER + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DB_SERVER + containers: + - name: graphql-server + image: litmuschaos/litmusportal-server:2.3.0 + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: SELF_CLUSTER + value: "true" + - name: LITMUS_PORTAL_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PORTAL_SCOPE + value: "cluster" + - name: SUBSCRIBER_IMAGE + value: "litmuschaos/litmusportal-subscriber:2.3.0" + - name: EVENT_TRACKER_IMAGE + value: "litmuschaos/litmusportal-event-tracker:2.3.0" + - name: ARGO_WORKFLOW_CONTROLLER_IMAGE + value: "litmuschaos/workflow-controller:v2.11.0" + - name: ARGO_WORKFLOW_EXECUTOR_IMAGE + value: "litmuschaos/argoexec:v2.11.0" + - name: LITMUS_CHAOS_OPERATOR_IMAGE + value: "litmuschaos/chaos-operator:2.2.0" + - name: LITMUS_CHAOS_RUNNER_IMAGE + value: "litmuschaos/chaos-runner:2.2.0" + - name: LITMUS_CHAOS_EXPORTER_IMAGE + value: "litmuschaos/chaos-exporter:2.2.0" + - name: SERVER_SERVICE_NAME + value: "litmusportal-server-service" + - name: AGENT_DEPLOYMENTS + value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: INGRESS + value: "false" + - name: INGRESS_NAME + value: "litmus-ingress" + - name: CONTAINER_RUNTIME_EXECUTOR + value: "k8sapi" + - name: HUB_BRANCH_NAME + value: "v2.2.x" + ports: + - containerPort: 8080 + imagePullPolicy: Always + - name: auth-server + image: litmuschaos/litmusportal-auth-server:2.3.0 + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: STRICT_PASSWORD_POLICY + value: "false" + - name: ADMIN_USERNAME + value: "admin" + - name: ADMIN_PASSWORD + value: "litmus" + ports: + - containerPort: 3000 + imagePullPolicy: Always + serviceAccountName: litmus-server-account +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-server-service + namespace: litmus +spec: + type: NodePort + ports: + - name: graphql-server + port: 9002 + targetPort: 8080 + - name: auth-server + port: 9003 + targetPort: 3000 + selector: + component: litmusportal-server +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mongo + namespace: litmus + labels: + app: mongo +spec: + selector: + matchLabels: + component: database + serviceName: mongo + replicas: 1 + template: + metadata: + labels: + component: database + spec: + containers: + - name: mongo + image: litmuschaos/mongo:4.2.8 + ports: + - containerPort: 27017 + imagePullPolicy: Always + volumeMounts: + - name: mongo-persistent-storage + mountPath: /data/db + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + volumeClaimTemplates: + - metadata: + name: mongo-persistent-storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: mongo + name: mongo-service + namespace: litmus +spec: + ports: + - port: 27017 + targetPort: 27017 + selector: + component: database \ No newline at end of file diff --git a/mkdocs/docs/2.3.0/litmus-namespaced-2.3.0.yaml b/mkdocs/docs/2.3.0/litmus-namespaced-2.3.0.yaml new file mode 100644 index 00000000000..82378b2a102 --- /dev/null +++ b/mkdocs/docs/2.3.0/litmus-namespaced-2.3.0.yaml @@ -0,0 +1,707 @@ +### RBAC Manifests +## If SELF_CLUSTER="true" then these permissions are required to apply +## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/1b_argo_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role-for-litmusportal-server +rules: +- apiGroups: [""] + resources: [pods, pods/exec] + verbs: [create, get, list, watch, update, patch, delete] +- apiGroups: [""] + resources: [configmaps] + verbs: [get, watch, list] +- apiGroups: [""] + resources: [persistentvolumeclaims] + verbs: [create, delete] +- apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers] + verbs: [get, list, watch, update, patch, delete, create] +- apiGroups: [argoproj.io] + resources: [workflowtemplates, workflowtemplates/finalizers] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [serviceaccounts] + verbs: [get, list] +- apiGroups: [""] + resources: [secrets] + verbs: [get] +- apiGroups: [argoproj.io] + resources: [cronworkflows, cronworkflows/finalizers] + verbs: [get, list, watch, update, patch, delete] +- apiGroups: [""] + resources: [events] + verbs: [create, patch] +- apiGroups: [policy] + resources: [poddisruptionbudgets] + verbs: [create, get, delete] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: ${LITMUS_PORTAL_NAMESPACE} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: litmus-namespace-scope-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.0.0 + app.kubernetes.io/component: operator-role + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-namespace-scope-for-litmusportal-server +rules: +- apiGroups: [""] + resources: [replicationcontrollers, secrets] + verbs: [get, list] +- apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] +- apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list, update] +- apiGroups: [batch] + resources: [jobs] + verbs: [get, list, create, deletecollection] +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list] +- apiGroups: [""] + resources: [pods, pods/exec, configmaps, events, services] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] +- apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: litmus-namespace-scope-rb-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.0.0 + app.kubernetes.io/component: operator-rolebinding + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-namespace-scope-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: litmus-namespace-scope-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: ${LITMUS_PORTAL_NAMESPACE} +#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/3a_agents_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: subscriber-role-for-litmusportal-server + labels: + name: subscriber-role-for-litmusportal-server +rules: + - apiGroups: [""] + resources: [configmaps] + verbs: [get, create, delete, update] + + - apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + - apiGroups: [""] + resources: [pods, namespaces, nodes, services] + verbs: [get, list, watch] + + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosschedules, chaosresults] + verbs: [get, list, create, delete, update, watch] + + - apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] + + - apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list, delete] + + - apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, rollouts] + verbs: [get, list, create, delete, update, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: subscriber-rb-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: ${LITMUS_PORTAL_NAMESPACE} +roleRef: + kind: Role + name: subscriber-role-for-litmusportal-server + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: litmus-admin-role-for-litmusportal-server + labels: + name: litmus-admin-role-for-litmusportal-server +rules: + # *************************************************************************************** + # Permissions needed for preparing and monitor the chaos resources by chaos-runner + # *************************************************************************************** + + # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment.. + ## .. by creating the chaos-runner + + # for creating and monitoring the chaos-runner pods + - apiGroups: [""] + resources: [pods, events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for fetching configmaps and secrets to inject into chaos-runner pod (if specified) + - apiGroups: [""] + resources: [secrets, configmaps] + verbs: [get, list] + + # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner + - apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for configuring and monitor the experiment job by chaos-runner pod + - apiGroups: [batch] + resources: [jobs] + verbs: [create, list, get, delete, deletecollection] + + # ******************************************************************** + # Permissions needed for creation and discovery of chaos experiments + # ******************************************************************** + + # The helper pods are created by experiment to perform the actual chaos injection ... + # ... for a period of chaos duration + + # for creating and deleting the helper or target app pod and events by experiment + - apiGroups: [""] + resources: [pods] + verbs: [create, delete, deletecollection] + + # for creating and monitoring the events for chaos operations + - apiGroups: [""] + resources: [events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for monitoring the helper and target app pod + - apiGroups: [""] + resources: [pods] + verbs: [get, list, patch, update] + + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: [pods/exec, pods/eviction, replicationcontrollers] + verbs: [get, list, create] + + # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment + - apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for creating and monitoring liveness services or monitoring target app services during chaos injection + - apiGroups: [""] + resources: [services] + verbs: [create, delete, get, list, delete, deletecollection] + + # for checking the app parent resources as deployments or sts and are eligible chaos candidates + - apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [list, get, patch, update, create, delete] + + # for checking the app parent resources as replicasets and are eligible chaos candidates + - apiGroups: [apps] + resources: [replicasets] + verbs: [list, get] + + # for checking the app parent resources as deamonsets and are eligible chaos candidates + - apiGroups: [apps] + resources: [daemonsets] + verbs: [list, get, delete] + + # for checking (openshift) app parent resources if they are eligible chaos candidates + - apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [list, get] + + # for checking (argo) app parent resources if they are eligible chaos candidates + - apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [list, get] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [create, list, get, patch, update, delete] + + # for experiment to perform node status checks and other node level operations like taint, drain in the experiment. + - apiGroups: [""] + resources: [nodes] + verbs: [patch, get, list, update] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: litmus-admin-rb-for-litmusportal-server + labels: + name: litmus-admin-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: litmus-admin-role-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: ${LITMUS_PORTAL_NAMESPACE} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chaos-role-for-litmusportal-server +rules: + # for managing the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods, services] + verbs: [create, get, watch, patch, delete, list] + + # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods/log, secrets, configmaps] + verbs: [get, watch, create, delete, patch] + + # for creation & deletion of application in predefined workflows + - apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [get, watch, patch , create, delete] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: [litmuschaos.io] + resources: + [chaosengines, chaosexperiments, chaosresults, chaosschedules] + verbs: [create, list, get, patch, delete, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chaos-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chaos-role-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: ${LITMUS_PORTAL_NAMESPACE} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: event-tracker-role-for-litmusportal-server +rules: +- apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies] + verbs: [create, delete, get, list, patch, update, watch] +- apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies/status] + verbs: [get, patch, update] +- apiGroups: ["", extensions, apps] + resources: [deployments, daemonsets, statefulsets, pods, configmaps] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: event-tracker-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: event-tracker-role-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: ${LITMUS_PORTAL_NAMESPACE} +# litmus-server-role is used by the litmusportal-server +# If SELF_CLUSTER=false, then only litmus-server-role and litmus-server-rb are required. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: litmus-server-role +rules: + - apiGroups: [networking.k8s.io, extensions] + resources: [ingresses] + verbs: [get] + - apiGroups: [""] + resources: [services, pods/log] + verbs: [get, watch] + - apiGroups: [apps] + resources: [deployments] + verbs: [create] + - apiGroups: [""] + resources: [configmaps] + verbs: [get] + - apiGroups: [""] + resources: [serviceaccounts] + verbs: [create] + - apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings, roles] + verbs: [create] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: litmus-server-rb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: litmus-server-role +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: ${LITMUS_PORTAL_NAMESPACE} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: litmus-server-account +--- +apiVersion: v1 +kind: Secret +metadata: + name: litmus-portal-admin-secret +stringData: + JWT_SECRET: "litmus-portal@123" + DB_USER: "admin" + DB_PASSWORD: "1234" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmus-portal-admin-config +data: + AGENT_SCOPE: namespace + AGENT_NAMESPACE: ${LITMUS_PORTAL_NAMESPACE} + DB_SERVER: "mongodb://mongo-service:27017" + VERSION: "2.3.0" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmusportal-frontend-nginx-configuration +data: + default.conf: | + server { + listen 8080; + server_name localhost; + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri /index.html; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + + location /auth/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9003/"; + } + + location /api/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + + location /ws/ { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + } +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-frontend + labels: + component: litmusportal-frontend +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-frontend + template: + metadata: + labels: + component: litmusportal-frontend + spec: + containers: + - name: litmusportal-frontend + image: litmuschaos/litmusportal-frontend:2.3.0 + imagePullPolicy: Always + ports: + - containerPort: 8080 + env: + - name: AGENT_SCOPE + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: AGENT_SCOPE + volumeMounts: + - name: nginx-config + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf + volumes: + - name: nginx-config + configMap: + name: litmusportal-frontend-nginx-configuration +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-frontend-service +spec: + type: NodePort + ports: + - name: http + port: 9091 + targetPort: 8080 + selector: + component: litmusportal-frontend +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-server + labels: + component: litmusportal-server +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-server + template: + metadata: + labels: + component: litmusportal-server + spec: + initContainers: + - name: wait-for-mongodb + image: litmuschaos/curl:latest + command: ["/bin/sh", "-c"] + args: + [ + "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", + ] + - name: server-version-updater + image: litmuschaos/mongo-utils:latest + command: ["/bin/sh"] + args: ["-c"," mongo $DB_SERVER --username $DB_USER --password $DB_PASSWORD --eval 'db=db.getSiblingDB(\"litmus\");db.getCollection(\"server-config-collection\").updateOne({\"key\":\"version\"},{ \"$set\":{ \"value\":\"'$VERSION'\"}})'"] + env: + - name: VERSION + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: VERSION + - name: DB_USER + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DB_SERVER + containers: + - name: graphql-server + image: litmuschaos/litmusportal-server:2.3.0 + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: LITMUS_PORTAL_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SELF_CLUSTER + value: "true" + - name: PORTAL_SCOPE + value: "namespace" + - name: AGENT_DEPLOYMENTS + value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]" + - name: PORTAL_ENDPOINT + value: "http://litmusportal-server-service:9002" + - name: SUBSCRIBER_IMAGE + value: "litmuschaos/litmusportal-subscriber:2.3.0" + - name: EVENT_TRACKER_IMAGE + value: "litmuschaos/litmusportal-event-tracker:2.3.0" + - name: ARGO_WORKFLOW_CONTROLLER_IMAGE + value: "litmuschaos/workflow-controller:v2.11.0" + - name: ARGO_WORKFLOW_EXECUTOR_IMAGE + value: "litmuschaos/argoexec:v2.11.0" + - name: LITMUS_CHAOS_OPERATOR_IMAGE + value: "litmuschaos/chaos-operator:2.2.0" + - name: LITMUS_CHAOS_RUNNER_IMAGE + value: "litmuschaos/chaos-runner:2.2.0" + - name: LITMUS_CHAOS_EXPORTER_IMAGE + value: "litmuschaos/chaos-exporter:2.2.0" + - name: CONTAINER_RUNTIME_EXECUTOR + value: "k8sapi" + - name: HUB_BRANCH_NAME + value: "v2.2.x" + ports: + - containerPort: 8080 + imagePullPolicy: Always + - name: auth-server + image: litmuschaos/litmusportal-auth-server:2.3.0 + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: STRICT_PASSWORD_POLICY + value: "false" + - name: ADMIN_USERNAME + value: "admin" + - name: ADMIN_PASSWORD + value: "litmus" + ports: + - containerPort: 3000 + imagePullPolicy: Always + serviceAccountName: litmus-server-account +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-server-service +spec: + type: NodePort + ports: + - name: graphql-server + port: 9002 + targetPort: 8080 + - name: auth-server + port: 9003 + targetPort: 3000 + selector: + component: litmusportal-server +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mongo + labels: + app: mongo +spec: + selector: + matchLabels: + component: database + serviceName: mongo + replicas: 1 + template: + metadata: + labels: + component: database + spec: + containers: + - name: mongo + image: litmuschaos/mongo:4.2.8 + ports: + - containerPort: 27017 + imagePullPolicy: Always + volumeMounts: + - name: mongo-persistent-storage + mountPath: /data/db + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + volumeClaimTemplates: + - metadata: + name: mongo-persistent-storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: mongo + name: mongo-service +spec: + ports: + - port: 27017 + targetPort: 27017 + selector: + component: database