diff --git a/apps/kubero-operator/base/config-map.yaml b/apps/kubero-operator/base/config-map.yaml
new file mode 100644
index 0000000..131f184
--- /dev/null
+++ b/apps/kubero-operator/base/config-map.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+ kind: ControllerManagerConfig
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+
+ leaderElection:
+ leaderElect: true
+ resourceName: 811c9dc5.kubero.dev
+kind: ConfigMap
+metadata:
+ name: kubero-operator-manager-config
diff --git a/apps/kubero-operator/base/deployment.yaml b/apps/kubero-operator/base/deployment.yaml
new file mode 100644
index 0000000..e81ed5b
--- /dev/null
+++ b/apps/kubero-operator/base/deployment.yaml
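Review bot: In config-map.yaml, `controller_manager_config.yaml` does not appear to be consumed by anything in this commit: the Deployment added alongside it declares no volume and passes its settings as flags, and its `--leader-election-id=kubero-operator` disagrees with `resourceName: 811c9dc5.kubero.dev` here. Unused configuration that contradicts the live flags misleads whoever later audits which lease name and bind addresses are actually in effect. Either drop this ConfigMap from the base or, if an overlay outside this diff mounts it, align the value with the flag, e.g. `resourceName: kubero-operator`.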
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: kubero-operator-controller-manager
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=0
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ - --leader-election-id=kubero-operator
+ - --zap-log-level=info
+ image: ghcr.io/kubero-dev/kubero-operator/kuberoapp:v0.1.9
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: kubero-operator-controller-manager
+ terminationGracePeriodSeconds: 10
diff --git a/apps/kubero-operator/base/kubero-crd.yaml b/apps/kubero-operator/base/kubero-crd.yaml
new file mode 100644
index 0000000..abbfacd
--- /dev/null
+++ b/apps/kubero-operator/base/kubero-crd.yaml
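Review bot: The kube-rbac-proxy container carries no `securityContext` and the manager container sets only `allowPrivilegeEscalation: false`, so neither drops capabilities and the pod has no seccomp profile; with just `runAsNonRoot: true` at pod level this falls short of the restricted Pod Security Standard. The hunk's indentation is flattened on this page, so the container/pod split is read from key order. The gap matters here because `serviceAccountName: kubero-operator-controller-manager` is bound in rbac.yaml to a ClusterRole granting `'*'` on secrets, roles and clusterrolebindings, so the pod's token is effectively a cluster-wide credential. Both images are also referenced by mutable tag (`kube-rbac-proxy:v0.11.0`, `kuberoapp:v0.1.9`); pinning each as `image: <repo>@sha256:<digest>` keeps the reviewed image and the running one identical. The suggested security-context additions follow.

```yaml
      containers:
      # kube-rbac-proxy: … unchanged: args, image, name, ports, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
      # manager: … unchanged: args, image, probes, name, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
```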
@@ -0,0 +1,599 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberoapps.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoApp + listKind: KuberoAppList + plural: kuberoapps + singular: kuberoapp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoApp is the Schema for the kuberoapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoApp + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoApp + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberobuilds.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoBuild + listKind: KuberoBuildList + plural: kuberobuilds + singular: kuberobuild + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoBuild is the Schema for the kuberobuilds API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoBuild + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoBuild + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberocouchdbs.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoCouchDB + listKind: KuberoCouchDBList + plural: kuberocouchdbs + singular: kuberocouchdb + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoCouchDB is the Schema for the kuberocouchdbs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoCouchDB + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoCouchDB + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberoelasticsearches.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoElasticsearch + listKind: KuberoElasticsearchList + plural: kuberoelasticsearches + singular: kuberoelasticsearch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoElasticsearch is the Schema for the kuberoelasticsearches API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoElasticsearch + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoElasticsearch + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberoes.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: Kubero + listKind: KuberoList + plural: kuberoes + singular: kubero + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Kubero is the Schema for the kuberoes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Kubero + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of Kubero + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberokafkas.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoKafka + listKind: KuberoKafkaList + plural: kuberokafkas + singular: kuberokafka + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoKafka is the Schema for the kuberokafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoKafka + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoKafka + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberomails.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoMail + listKind: KuberoMailList + plural: kuberomails + singular: kuberomail + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoMail is the Schema for the kuberomails API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoMail + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoMail + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberomemcacheds.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoMemcached + listKind: KuberoMemcachedList + plural: kuberomemcacheds + singular: kuberomemcached + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoMemcached is the Schema for the kuberomemcacheds API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoMemcached + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoMemcached + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberomongodbs.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoMongoDB + listKind: KuberoMongoDBList + plural: kuberomongodbs + singular: kuberomongodb + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoMongoDB is the Schema for the kuberomongodbs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoMongoDB + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoMongoDB + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberomysqls.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoMysql + listKind: KuberoMysqlList + plural: kuberomysqls + singular: kuberomysql + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoMysql is the Schema for the kuberomysqls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoMysql + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoMysql + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberopipelines.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoPipeline + listKind: KuberoPipelineList + plural: kuberopipelines + singular: kuberopipeline + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoPipeline is the Schema for the kuberopipelines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoPipeline + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoPipeline + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberopostgresqls.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoPostgresql + listKind: KuberoPostgresqlList + plural: kuberopostgresqls + singular: kuberopostgresql + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoPostgresql is the Schema for the kuberopostgresqls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoPostgresql + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoPostgresql + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberoprometheuses.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoPrometheus + listKind: KuberoPrometheusList + plural: kuberoprometheuses + singular: kuberoprometheus + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoPrometheus is the Schema for the kuberoprometheuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoPrometheus + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoPrometheus + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberorabbitmqs.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoRabbitMQ + listKind: KuberoRabbitMQList + plural: kuberorabbitmqs + singular: kuberorabbitmq + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoRabbitMQ is the Schema for the kuberorabbitmqs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoRabbitMQ + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoRabbitMQ + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kuberoredis.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoRedis + listKind: KuberoRedisList + plural: kuberoredis + singular: kuberoredis + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoRedis is the Schema for the kuberoredis API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoRedis + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoRedis + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/apps/kubero-operator/base/rbac.yaml b/apps/kubero-operator/base/rbac.yaml new file mode 100644 index 0000000..8d1f6b8 --- /dev/null +++ b/apps/kubero-operator/base/rbac.yaml 
@@ -0,0 +1,827 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kubero-operator-leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubero-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + - apps + resources: + - configmaps + - secrets + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - rbac.authorization.k8s.io + - "" + resources: + - roles + - clusterroles + - clusterrolebindings + - rolebindings + - secrets + - deployments + - namespaces + - services + - ingresses + verbs: + - '*' +- apiGroups: + - application.kubero.dev + resources: + - kuberoapps + - kuberoapps/status + - kuberoapps/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - '*' +- apiGroups: + - apps + - "" + resources: + - deployments + - serviceaccounts + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - networking.k8s.io + - "" + resources: + - ingresses + - rolebindings + - services + - jobs + verbs: + - '*' +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - opstreelabs.in + resources: + - mongodbs + verbs: + - '*' +- apiGroups: + - redis.redis.opstreelabs.in + resources: + - redis + - redisclusters + verbs: + - '*' +- apiGroups: + - postgres-operator.crunchydata.com + 
resources: + - postgresclusters + verbs: + - '*' +- apiGroups: + - minio.min.io + resources: + - tenants + verbs: + - '*' +- apiGroups: + - charts.operatorhub.io + resources: + - cockroachdbs + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - networking.cfargotunnel.com + resources: + - tunnels + - tunnelbindings + verbs: + - '*' +- apiGroups: + - clickhouse.altinity.com + resources: + - clickhouseinstallations + verbs: + - '*' +- apiGroups: + - application.kubero.dev + resources: + - kuberoes + - kuberoes/status + - kuberoes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + - persistentvolumeclaims/finalizers + - persistentvolumes/finalizers + verbs: + - '*' +- apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + verbs: + - '*' +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - '*' +- apiGroups: + - application.kubero.dev + resources: + - kuberopipelines + - kuberopipelines/status + - kuberopipelines/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - secrets + verbs: + - '*' +- apiGroups: + - application.kubero.dev + resources: + - kuberomysqls + - kuberomysqls/status + - kuberomysqls/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - 
persistentvolumes + verbs: + - '*' +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - application.kubero.dev + resources: + - kuberopostgresqls + - kuberopostgresqls/status + - kuberopostgresqls/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + verbs: + - '*' +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - application.kubero.dev + resources: + - kuberoredis + - kuberoredis/status + - kuberoredis/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + verbs: + - '*' +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - application.kubero.dev + resources: + - kuberomongodbs + - kuberomongodbs/status + - kuberomongodbs/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +- 
apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ - serviceaccounts
+ - services
+ - persistentvolumeclaims
+ - persistentvolumes
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - '*'
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+- apiGroups:
+ - application.kubero.dev
+ resources:
+ - kuberoelasticsearches
+ - kuberoelasticsearches/status
+ - kuberoelasticsearches/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ - serviceaccounts
+ - services
+ - persistentvolumeclaims
+ - persistentvolumes
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - '*'
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+- apiGroups:
+ - application.kubero.dev
+ resources:
+ - kuberocouchdbs
+ - kuberocouchdbs/status
+ - kuberocouchdbs/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ - serviceaccounts
+ - services
+ - persistentvolumeclaims
+ - persistentvolumes
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - '*'
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+- apiGroups:
+ - application.kubero.dev
+ resources:
+ - kuberokafkas
+ - kuberokafkas/status
+ - kuberokafkas/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ - serviceaccounts
+ - services
+ - persistentvolumeclaims
+ - persistentvolumes
+ verbs:
+ - '*'
+- apiGroups:
+ - job
+ resources:
+ - batch
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - '*'
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+- apiGroups:
+ - application.kubero.dev
+ resources:
+ - kuberomails
+ - kuberomails/status
+ - kuberomails/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+- apiGroups:
+ - application.kubero.dev
+ resources:
+ - kuberorabbitmqs
+ - kuberorabbitmqs/status
+ - kuberorabbitmqs/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - application.kubero.dev
+ resources:
+ - kuberomemcacheds
+ - kuberomemcacheds/status
+ - kuberomemcacheds/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+- apiGroups:
+ - application.kubero.dev
+ resources:
+ - kuberoprometheuses
+ - kuberoprometheuses/status
+ - kuberoprometheuses/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - clusterrolebindings
+ verbs:
+ - '*'
+- apiGroups:
+ - application.kubero.dev
+ resources:
+ - kuberobuilds
+ - kuberobuilds/status
+ - kuberobuilds/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubero-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubero-operator-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: kubero-operator-leader-election-rolebinding
+
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubero-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: kubero-operator-controller-manager
+ namespace: kubero-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubero-operator-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubero-operator-manager-role
+subjects:
+- kind: ServiceAccount
+ name: kubero-operator-controller-manager
+ namespace: kubero-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubero-operator-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubero-operator-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: kubero-operator-controller-manager
+ namespace: kubero-operator-system
+---
diff --git a/apps/kubero-operator/base/service-account.yaml b/apps/kubero-operator/base/service-account.yaml
new file mode 100644
index 0000000..300479e
--- /dev/null
+++ b/apps/kubero-operator/base/service-account.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubero-operator-controller-manager
diff --git a/apps/kubero-operator/base/service.yaml b/apps/kubero-operator/base/service.yaml
new file mode 100644
index 0000000..e6c537b
--- /dev/null
+++ b/apps/kubero-operator/base/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: kubero-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/apps/kubero-operator/kubero-operator.argoapp.yaml b/apps/kubero-operator/kubero-operator.argoapp.yaml
new file mode 100644
index 0000000..a927e82
--- /dev/null
+++ b/apps/kubero-operator/kubero-operator.argoapp.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kubero-operator
+ namespace: argocd
+spec:
+ destination:
+ namespace: kubero-operator-system
+ server: https://cedille.kubernetes.omni.siderolabs.io?cluster=k8s-cedille-production
+ project: default
+ source:
+ path: apps/kubero-operator/
+ repoURL: https://github.com/ClubCedille/k8s-cedille-production
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/kubero-operator/kustomization.yaml b/apps/kubero-operator/kustomization.yaml
new file mode 100644
index 0000000..581a14c
--- /dev/null
+++ b/apps/kubero-operator/kustomization.yaml
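Review bot: `project: default` together with `targetRevision: HEAD` and automated sync (`prune: true`, `selfHeal: true`) in kubero-operator.argoapp.yaml means any commit that reaches the repository's default branch is applied to the production cluster with no project-level restriction on what it may create. That matters here because the application's path includes base/rbac.yaml, whose visible rules grant `'*'` verbs on `secrets`, `roles` and `rolebindings` and are bound through a ClusterRoleBinding. A dedicated AppProject, referenced as `project: <kubero-project>` (placeholder name), that allows only this `repoURL`, the `kubero-operator-system` destination and the cluster-scoped kinds the operator needs would bound the effect of a bad commit. kubero-ui-baja.argoapp.yaml later in this commit carries the same `project: default` / `targetRevision: HEAD` settings. Branch protection on the repository is not visible from the diff and should be confirmed.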
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - base/config-map.yaml
+ - base/deployment.yaml
+ - base/kubero-crd.yaml
+ - base/rbac.yaml
+ - base/service-account.yaml
+ - base/service.yaml
diff --git a/apps/kubero-ui-baja/base/kubero.yaml b/apps/kubero-ui-baja/base/kubero.yaml
new file mode 100644
index 0000000..96599af
--- /dev/null
+++ b/apps/kubero-ui-baja/base/kubero.yaml
@@ -0,0 +1,254 @@
+apiVersion: application.kubero.dev/v1alpha1
+kind: Kubero
+metadata:
+ name: kubero
+spec:
+ # Default values copied from /helm-charts/kubero/values.yaml
+ env:
+ - name: OAUTH2_CLIENT_SECRET
+ valueFrom:
+ secretRef:
+ key: OAUTH2_CLIENT_SECRET
+ name: kubero-secrets
+ - name: OAUTH2_CLIENT_ID
+ valueFrom:
+ secretRef:
+ key: OAUTH2_CLIENT_ID
+ name: kubero-secrets
+ affinity: {}
+ fullnameOverride: ""
+ image:
+ pullPolicy: Always
+ repository: ghcr.io/kubero-dev/kubero/kubero
+ tag: "v2.4.6"
+ imagePullSecrets: []
+ ingress:
+ enabled: false
+ nameOverride: ""
+ nodeSelector: {}
+ podAnnotations: {}
+ podSecurityContext: {}
+ prometheus:
+ enabled: true
+ endpoint: http://kubero-prometheus-server # for internal access via service without ingress
+ registry:
+ enabled: false # creates registry credentials for a external or a local registry (required for build strategy apps)
+ create: false # spins up a local registry
+ public: true # makes the registry public available
+ #host: registry.kubero.svc.cluster.local # works for pushes, but not for pulls. DO NOT USE THIS :( since it requires to configure all nodes ot acceppt this "insecure" registry
+ #host: docker.io # requires a docker account. Might be the best choice when running on a non public domain
+ host: registry.demo.kubero.dev # will make your images publicly avaialble with a basic auth protection
+ account:
+ # create account with:
+ # docker run --entrypoint htpasswd httpd:2 -Bbn [username] [password]
+ # http://aspirine.org/htpasswd_en.html (use bcrypt)
+ username: kubero
+ password: kubero
+ hash: $2y$05$czQZpvtDYc5OzM/1r1pH0eAplT/okohh/mXoWl/Y65ZP/8/jnSWZq
+ port: 443
+ storage: 1Gi
+ storageClassName:
+ replicaCount: 1
+ resources: {}
+ securityContext: {}
+ service:
+ port: 2000
+ type: ClusterIP
+ serviceAccount:
+ annotations: {}
+ create: true
+ name: ""
+ tolerations: []
+ kubero:
+ debug: ""
+ namespace: kubero-ui-baja
+ context: inClusterContext
+ webhook_url: https://kubero.example.com/api/repo/webhooks
+ sessionKey: "randomString"
+ auth:
+ oauth2:
+ enabled: true
+ name: "authentik"
+ authUrl: "https://auth.etsmtl.club/application/o/authorize/"
+ tokenUrl: "https://auth.etsmtl.club/application/o/token/"
+ userInfoUrl: "https://auth.etsmtl.club/application/o/userinfo/"
+ callbackUrl: "https://kubero.etsmtl.club/api/auth/oauth2/callback"
+ scope: "openid email profile" # space seperated list of scopes
+ auditLogs:
+ enabled: false
+ storageClassName:
+ accessModes:
+ - ReadWriteOnce
+ size: 0.1Gi
+ limit: 1000
+ config:
+ kubero:
+ readonly: false
+ admin:
+ disabled: true
+ console:
+ enabled: true
+ banner:
+ show: true
+ message: "Welcome to Kubero! CEDILLE"
+ bgcolor: "#8560A9"
+ fontcolor: "azure"
+ notifications: []
+ clusterissuer: letsencrypt-etsmtl
+ templates:
+ enabled: true
+ catalogs:
+ - name: "Kubero"
+ description: "Kubero templates"
+ templateBasePath: "https://raw.githubusercontent.com/kubero-dev/kubero/main/services/"
+ index:
+ url: "https://raw.githubusercontent.com/kubero-dev/templates/main/index.json"
+ format: "json" # json or yaml # TODO has no effect yet. json is always used
+ - name: "Kubero Frameworks"
+ description: "Kubero templates"
+ templateBasePath: "https://raw.githubusercontent.com/kubero-dev/kubero/main/services/"
+ index:
+ url: "https://raw.githubusercontent.com/kubero-dev/templates/main/index-frameworks.json"
+ format: "json" # json or yaml # TODO has no effect yet. json is always used
+ buildPacks:
+ - name: NodeJS
+ language: JavaScript
+ fetch:
+ repository: ghcr.io/kubero-dev/fetch
+ tag: v1
+ securityContext:
+ runAsUser: 1000
+ build:
+ repository: node
+ tag: latest
+ command: "npm install"
+ securityContext:
+ runAsUser: 1000
+ run:
+ repository: node
+ tag: latest
+ command: "node index.js"
+ - name: PHP
+ language: PHP
+ fetch:
+ repository: ghcr.io/kubero-dev/fetch
+ tag: v1
+ securityContext:
+ runAsUser: 1000
+ build:
+ repository: composer
+ tag: latest
+ command: "composer install; chown -R 1000:1000 /app"
+ run:
+ repository: webdevops/php-apache
+ tag: "8.1"
+ readOnlyAppStorage: false
+ securityContext:
+ allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: false
+ command: "apache2-foreground"
+ - name: Python
+ language: Python
+ fetch:
+ repository: ghcr.io/kubero-dev/fetch
+ tag: v1
+ securityContext:
+ runAsUser: 1000
+ build:
+ repository: python
+ tag: 3.10-buster
+ command: "python3 -m venv .venv && . .venv/bin/activate && pip install -r requirements.txt"
+ run:
+ repository: python
+ tag: 3.10-buster
+ command: ". .venv/bin/activate && python3 main.py"
+ - name: GoLang
+ language: GoLang
+ fetch:
+ repository: ghcr.io/kubero-dev/fetch
+ tag: v1
+ securityContext:
+ runAsUser: 1000
+ build:
+ repository: golang
+ tag: alpine
+ command: "go mod download && go mod verify && go build -v -o app"
+ run:
+ repository: golang
+ tag: alpine
+ command: "./app"
+ - name: Hugo
+ language: GoLang
+ fetch:
+ repository: ghcr.io/kubero-dev/fetch
+ tag: v1
+ securityContext:
+ runAsUser: 1000
+ build:
+ repository: klakegg/hugo
+ tag: latest
+ command: hugo -D
+ run:
+ repository: caddy
+ tag: latest
+ command: caddy file-server --listen :8080 --root /app/public
+ - name: Ruby
+ language: Ruby
+ fetch:
+ repository: ghcr.io/kubero-dev/fetch
+ tag: v1
+ securityContext:
+ runAsUser: 1000
+ build:
+ repository: ruby
+ tag: "2.7"
+ command: "export GEM_HOME=/app/bundle; bundle install --jobs=4 --retry=3"
+ run:
+ repository: ruby
+ tag: "2.7"
+ command: "export GEM_HOME=/app/bundle; bundle exec ruby main.rb"
+ - name: Static
+ language: HTML
+ fetch:
+ repository: ghcr.io/kubero-dev/fetch
+ tag: v1
+ securityContext:
+ runAsUser: 1000
+ build:
+ repository: busybox
+ tag: latest
+ command: "echo 'Buildpack not required'"
+ run:
+ repository: caddy
+ tag: latest
+ command: caddy file-server --listen :8080 --root /app
+ podSizeList:
+ - name: small
+ description: 'Small (CPU: 0.25, Memory: 0.5Gi)'
+ default: true
+ resources:
+ requests:
+ memory: 0.5Gi
+ cpu: 250m
+ limits:
+ memory: 1Gi
+ cpu: 500m
+ - name: medium
+ description: 'Medium (CPU: 1, Memory: 2Gi)'
+ resources:
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ - name: large
+ description: 'Large (CPU: 2, Memory: 4Gi)'
+ active: false
+ resources:
+ requests:
+ memory: 4Gi
+ cpu: 2000m
+ limits:
+ memory: 4Gi
+ cpu: 2000m
diff --git a/apps/kubero-ui-baja/base/kustomization.yaml b/apps/kubero-ui-baja/base/kustomization.yaml
new file mode 100644
index 0000000..b622747
--- /dev/null
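Review bot: `sessionKey: "randomString"` under `spec.kubero` commits the session key as a fixed placeholder that anyone who can read the repository knows; if the chart uses this value to protect UI sessions, it should be supplied from `kubero-secrets` like the OAuth2 client values, or at least be a generated value kept out of Git. The `registry.account` block has the same problem: `username: kubero` / `password: kubero` and a bcrypt `hash` are in the file, and although `registry.enabled` is `false` today they become live default credentials as soon as it is switched on. Separately, both `env` entries use `valueFrom.secretRef`, whereas the Kubernetes field for reading one key of a Secret into an environment variable is `secretKeyRef`; if the chart copies `env` into the container spec unchanged, the OAuth2 variables may not be populated, so `secretKeyRef:` is probably what is meant.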
+++ b/apps/kubero-ui-baja/base/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - kubero.yaml
diff --git a/apps/kubero-ui-baja/kubero-ui-baja.argoapp.yaml b/apps/kubero-ui-baja/kubero-ui-baja.argoapp.yaml
new file mode 100644
index 0000000..68fae9b
--- /dev/null
+++ b/apps/kubero-ui-baja/kubero-ui-baja.argoapp.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kubero-ui-baja
+ namespace: argocd
+spec:
+ destination:
+ namespace: kubero-ui-baja
+ server: https://cedille.kubernetes.omni.siderolabs.io?cluster=k8s-cedille-production
+ project: default
+ source:
+ path: apps/kubero-ui-baja/prod
+ repoURL: https://github.com/ClubCedille/k8s-cedille-production
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/kubero-ui-baja/prod/certificate.yaml b/apps/kubero-ui-baja/prod/certificate.yaml
new file mode 100644
index 0000000..2588f6f
--- /dev/null
+++ b/apps/kubero-ui-baja/prod/certificate.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: kubero-ui-baja-tls
+spec:
+ secretName: kubero-ui-baja-tls
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
+ commonName: baja-kubero.prod.cedille.club
+ dnsNames:
+ - baja-kubero.prod.cedille.club
diff --git a/apps/kubero-ui-baja/prod/httpproxy.yaml b/apps/kubero-ui-baja/prod/httpproxy.yaml
new file mode 100644
index 0000000..3626017
--- /dev/null
+++ b/apps/kubero-ui-baja/prod/httpproxy.yaml
@@ -0,0 +1,20 @@
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+ name: kubero-ui-baja
+spec:
+ virtualhost:
+ fqdn: baja-kubero.prod.cedille.club
+ tls:
+ secretName: kubero-ui-baja-tls
+ minimumProtocolVersion: "1.3"
+ routes:
+ - conditions:
+ - prefix: /
+ enableWebsockets: true
+ services:
+ - name: kubero
+ port: 2000
+ timeoutPolicy:
+ idle: 600s
+ response: 600s
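Review bot: The `fqdn` in httpproxy.yaml, `baja-kubero.prod.cedille.club`, is not the host used by `callbackUrl: "https://kubero.etsmtl.club/api/auth/oauth2/callback"` in base/kubero.yaml, and prod/kustomization.yaml lists no patch that overrides it. After authentication the identity provider would therefore send the browser, with the authorization code, to a different host than the one this proxy serves. If this instance is meant to be reached at the `fqdn`, the prod overlay should set `callbackUrl: "https://baja-kubero.prod.cedille.club/api/auth/oauth2/callback"`, and the redirect URI registered at the provider should match it exactly. `webhook_url: https://kubero.example.com/api/repo/webhooks` in the same base file still looks like an upstream placeholder and probably needs the same per-environment override.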
diff --git a/apps/kubero-ui-baja/prod/kustomization.yaml b/apps/kubero-ui-baja/prod/kustomization.yaml
new file mode 100644
index 0000000..15af01b
--- /dev/null
+++ b/apps/kubero-ui-baja/prod/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - certificate.yaml
+ - httpproxy.yaml
+ - ../base
+# ../base/kubero.yaml has a reference to the namespace, to change for other clubs