From cf3bf1b929efbaccd18e42618e32c5cdbc7b47fc Mon Sep 17 00:00:00 2001 From: ycz Date: Fri, 14 Feb 2025 10:14:01 +0800 Subject: [PATCH] add tob k8s --- tcs-upgrade/argoflow/argocd.yaml | 1968 ----------------- tcs-upgrade/argoflow/argoci.yaml | 1320 ----------- tcs-upgrade/kafka/akhq-di.yaml | 102 - tcs-upgrade/kafka/kafka-di.yaml | 107 - tcs-upgrade/kafka/kafka-ldap.yaml | 181 -- tcs-upgrade/kafka/storage-di.yaml | 9 - tcs-upgrade/service_group/config-server.yaml | 107 - .../service_group/discover-service.yaml | 144 -- .../elastic/elastic.yaml | 6 +- .../elastic/filebeat.yaml | 0 .../elastic/kibana.yaml | 0 .../elastic/logstash.yaml | 0 .../elastic/storage.yaml | 0 .../jenkins/jenkins.yaml | 2 +- {tcs-upgrade => tob-upgrade}/kafka/akhq.yaml | 0 {tcs-upgrade => tob-upgrade}/kafka/kafka.yaml | 10 +- .../kafka/storage.yaml | 0 .../kubesphere/k8scluster.yaml | 44 +- {tcs-upgrade => tob-upgrade}/mongo/mongo.yaml | 2 +- {tcs-upgrade => tob-upgrade}/mysql/mysql.yaml | 2 +- {tcs-upgrade => tob-upgrade}/redis/redis.yaml | 2 +- 21 files changed, 34 insertions(+), 3972 deletions(-) delete mode 100644 tcs-upgrade/argoflow/argocd.yaml delete mode 100644 tcs-upgrade/argoflow/argoci.yaml delete mode 100644 tcs-upgrade/kafka/akhq-di.yaml delete mode 100644 tcs-upgrade/kafka/kafka-di.yaml delete mode 100644 tcs-upgrade/kafka/kafka-ldap.yaml delete mode 100644 tcs-upgrade/kafka/storage-di.yaml delete mode 100644 tcs-upgrade/service_group/config-server.yaml delete mode 100644 tcs-upgrade/service_group/discover-service.yaml rename {tcs-upgrade => tob-upgrade}/elastic/elastic.yaml (95%) rename {tcs-upgrade => tob-upgrade}/elastic/filebeat.yaml (100%) rename {tcs-upgrade => tob-upgrade}/elastic/kibana.yaml (100%) rename {tcs-upgrade => tob-upgrade}/elastic/logstash.yaml (100%) rename {tcs-upgrade => tob-upgrade}/elastic/storage.yaml (100%) rename {tcs-upgrade => tob-upgrade}/jenkins/jenkins.yaml (97%) rename {tcs-upgrade => tob-upgrade}/kafka/akhq.yaml (100%) rename {tcs-upgrade => tob-upgrade}/kafka/kafka.yaml (96%) rename {tcs-upgrade => tob-upgrade}/kafka/storage.yaml (100%) rename {tcs-upgrade => tob-upgrade}/kubesphere/k8scluster.yaml (68%) rename {tcs-upgrade => tob-upgrade}/mongo/mongo.yaml (96%) rename {tcs-upgrade => tob-upgrade}/mysql/mysql.yaml (96%) rename {tcs-upgrade => tob-upgrade}/redis/redis.yaml (96%) diff --git a/tcs-upgrade/argoflow/argocd.yaml b/tcs-upgrade/argoflow/argocd.yaml deleted file mode 100644 index 5e50828..0000000 --- a/tcs-upgrade/argoflow/argocd.yaml +++ /dev/null @@ -1,1968 +0,0 @@ -# This is an auto-generated file. DO NOT EDIT -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller -rules: -- apiGroups: - - argoproj.io - resources: - - applications - - applicationsets - - applicationsets/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - argoproj.io - resources: - - appprojects - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - applicationsets/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - apps - - extensions - resources: - - deployments - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller -rules: -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - argocd-notifications-cm - resources: - - configmaps - verbs: - - get -- apiGroups: - - "" - resourceNames: - - argocd-notifications-secret - resources: - - secrets - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - - applicationsets - verbs: - - create - - get - - list - - watch - - update - - delete - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-application-controller -subjects: -- kind: ServiceAccount - name: argocd-application-controller ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-applicationset-controller -subjects: -- kind: ServiceAccount - name: argocd-applicationset-controller ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-dex-server -subjects: -- kind: ServiceAccount - name: argocd-dex-server ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-notifications-controller -subjects: -- kind: ServiceAccount - name: argocd-notifications-controller ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-server -subjects: -- kind: ServiceAccount - name: argocd-server ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-cm - app.kubernetes.io/part-of: argocd - name: argocd-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-cmd-params-cm - app.kubernetes.io/part-of: argocd - name: argocd-cmd-params-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-gpg-keys-cm - app.kubernetes.io/part-of: argocd - name: argocd-gpg-keys-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-rbac-cm - app.kubernetes.io/part-of: argocd - name: argocd-rbac-cm ---- -apiVersion: v1 -data: - ssh_known_hosts: | - # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT - [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= - bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= - bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-ssh-known-hosts-cm - app.kubernetes.io/part-of: argocd - name: argocd-ssh-known-hosts-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-tls-certs-cm - app.kubernetes.io/part-of: argocd - name: argocd-tls-certs-cm ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-secret -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/name: argocd-secret - app.kubernetes.io/part-of: argocd - name: argocd-secret -type: Opaque ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller -spec: - ports: - - name: webhook - port: 7000 - protocol: TCP - targetPort: webhook - - name: metrics - port: 8080 - protocol: TCP - targetPort: metrics - selector: - app.kubernetes.io/name: argocd-applicationset-controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -spec: - ports: - - name: http - port: 5556 - protocol: TCP - targetPort: 5556 - - name: grpc - port: 5557 - protocol: TCP - targetPort: 5557 - - name: metrics - port: 5558 - protocol: TCP - targetPort: 5558 - selector: - app.kubernetes.io/name: argocd-dex-server ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: metrics - app.kubernetes.io/name: argocd-metrics - app.kubernetes.io/part-of: argocd - name: argocd-metrics -spec: - ports: - - name: metrics - port: 8082 - protocol: TCP - targetPort: 8082 - selector: - app.kubernetes.io/name: argocd-application-controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller-metrics - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller-metrics -spec: - ports: - - name: metrics - port: 9001 - protocol: TCP - targetPort: 9001 - selector: - app.kubernetes.io/name: argocd-notifications-controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -spec: - ports: - - name: tcp-redis - port: 6379 - targetPort: 6379 - selector: - app.kubernetes.io/name: argocd-redis ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server -spec: - ports: - - name: server - port: 8081 - protocol: TCP - targetPort: 8081 - - name: metrics - port: 8084 - protocol: TCP - targetPort: 8084 - selector: - app.kubernetes.io/name: argocd-repo-server ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: https - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app.kubernetes.io/name: argocd-server ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server-metrics - app.kubernetes.io/part-of: argocd - name: argocd-server-metrics -spec: - ports: - - name: metrics - port: 8083 - protocol: TCP - targetPort: 8083 - selector: - app.kubernetes.io/name: argocd-server ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-applicationset-controller - template: - metadata: - labels: - app.kubernetes.io/name: argocd-applicationset-controller - spec: - containers: - - args: - - /usr/local/bin/argocd-applicationset-controller - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.leader.election - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespace - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER - valueFrom: - configMapKeyRef: - key: repo.server - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.policy - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.debug - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.dryrun - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_GIT_MODULES_ENABLED - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.git.submodule - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.progressive.syncs - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.new.git.file.globbing - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.repo.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.repo.server.strict.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.repo.server.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.concurrent.reconciliations.max - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:v2.7.4 - imagePullPolicy: Always - name: argocd-applicationset-controller - ports: - - containerPort: 7000 - name: webhook - - containerPort: 8080 - name: metrics - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - - mountPath: /app/config/gpg/source - name: gpg-keys - - mountPath: /app/config/gpg/keys - name: gpg-keyring - - mountPath: /tmp - name: tmp - - mountPath: /app/config/reposerver/tls - name: argocd-repo-server-tls - serviceAccountName: argocd-applicationset-controller - volumes: - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - configMap: - name: argocd-gpg-keys-cm - name: gpg-keys - - emptyDir: {} - name: gpg-keyring - - emptyDir: {} - name: tmp - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-dex-server - template: - metadata: - labels: - app.kubernetes.io/name: argocd-dex-server - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - command: - - /shared/argocd-dex - - rundex - env: - - name: ARGOCD_DEX_SERVER_DISABLE_TLS - valueFrom: - configMapKeyRef: - key: dexserver.disable.tls - name: argocd-cmd-params-cm - optional: true - image: ghcr.io/dexidp/dex:v2.36.0 - imagePullPolicy: Always - name: dex - ports: - - containerPort: 5556 - - containerPort: 5557 - - containerPort: 5558 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /shared - name: static-files - - mountPath: /tmp - name: dexconfig - - mountPath: /tls - name: argocd-dex-server-tls - initContainers: - - command: - - /bin/cp - - -n - - /usr/local/bin/argocd - - /shared/argocd-dex - image: quay.io/argoproj/argocd:v2.7.4 - imagePullPolicy: Always - name: copyutil - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /shared - name: static-files - - mountPath: /tmp - name: dexconfig - serviceAccountName: argocd-dex-server - volumes: - - emptyDir: {} - name: static-files - - emptyDir: {} - name: dexconfig - - name: argocd-dex-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-dex-server-tls ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-notifications-controller - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: argocd-notifications-controller - spec: - containers: - - args: - - /usr/local/bin/argocd-notifications - env: - - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: notificationscontroller.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL - valueFrom: - configMapKeyRef: - key: notificationscontroller.log.level - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:v2.7.4 - imagePullPolicy: Always - livenessProbe: - tcpSocket: - port: 9001 - name: argocd-notifications-controller - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /app/config/tls - name: tls-certs - - mountPath: /app/config/reposerver/tls - name: argocd-repo-server-tls - workingDir: /app - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: argocd-notifications-controller - volumes: - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-redis - template: - metadata: - labels: - app.kubernetes.io/name: argocd-redis - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - args: - - --save - - "" - - --appendonly - - "no" - image: redis:7.0.11-alpine - imagePullPolicy: Always - name: redis - ports: - - containerPort: 6379 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - securityContext: - runAsNonRoot: true - runAsUser: 999 - seccompProfile: - type: RuntimeDefault - serviceAccountName: argocd-redis ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - template: - metadata: - labels: - app.kubernetes.io/name: argocd-repo-server - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - automountServiceAccountToken: false - containers: - - args: - - /usr/local/bin/argocd-repo-server - env: - - name: ARGOCD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.reconciliation - name: argocd-cm - optional: true - - name: ARGOCD_REPO_SERVER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: reposerver.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_LOGLEVEL - valueFrom: - configMapKeyRef: - key: reposerver.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: reposerver.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: reposerver.listen.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS - valueFrom: - configMapKeyRef: - key: reposerver.metrics.listen.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_DISABLE_TLS - valueFrom: - configMapKeyRef: - key: reposerver.disable.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_MIN_VERSION - valueFrom: - configMapKeyRef: - key: reposerver.tls.minversion - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_MAX_VERSION - valueFrom: - configMapKeyRef: - key: reposerver.tls.maxversion - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_CIPHERS - valueFrom: - configMapKeyRef: - key: reposerver.tls.ciphers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: reposerver.repo.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - optional: true - - name: REDIS_COMPRESSION - valueFrom: - configMapKeyRef: - key: redis.compression - name: argocd-cmd-params-cm - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - key: redis.db - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_DEFAULT_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: reposerver.default.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS - valueFrom: - configMapKeyRef: - key: otlp.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.max.combined.directory.manifests.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS - valueFrom: - configMapKeyRef: - key: reposerver.plugin.tar.exclusions - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS - valueFrom: - configMapKeyRef: - key: reposerver.allow.oob.symlinks - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.streamed.manifest.max.tar.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.streamed.manifest.max.extracted.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_GIT_MODULES_ENABLED - valueFrom: - configMapKeyRef: - key: reposerver.enable.git.submodule - name: argocd-cmd-params-cm - optional: true - - name: HELM_CACHE_HOME - value: /helm-working-dir - - name: HELM_CONFIG_HOME - value: /helm-working-dir - - name: HELM_DATA_HOME - value: /helm-working-dir - image: quay.io/argoproj/argocd:v2.7.4 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz?full=true - port: 8084 - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 5 - name: argocd-repo-server - ports: - - containerPort: 8081 - - containerPort: 8084 - readinessProbe: - httpGet: - path: /healthz - port: 8084 - initialDelaySeconds: 5 - periodSeconds: 10 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - - mountPath: /app/config/gpg/source - name: gpg-keys - - mountPath: /app/config/gpg/keys - name: gpg-keyring - - mountPath: /app/config/reposerver/tls - name: argocd-repo-server-tls - - mountPath: /tmp - name: tmp - - mountPath: /helm-working-dir - name: helm-working-dir - - mountPath: /home/argocd/cmp-server/plugins - name: plugins - initContainers: - - command: - - /bin/cp - - -n - - /usr/local/bin/argocd - - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:v2.7.4 - name: copyutil - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/run/argocd - name: var-files - serviceAccountName: argocd-repo-server - volumes: - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - configMap: - name: argocd-gpg-keys-cm - name: gpg-keys - - emptyDir: {} - name: gpg-keyring - - emptyDir: {} - name: tmp - - emptyDir: {} - name: helm-working-dir - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls - - emptyDir: {} - name: var-files - - emptyDir: {} - name: plugins ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-server - template: - metadata: - labels: - app.kubernetes.io/name: argocd-server - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - args: - - /usr/local/bin/argocd-server - env: - - name: ARGOCD_SERVER_INSECURE - valueFrom: - configMapKeyRef: - key: server.insecure - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_BASEHREF - valueFrom: - configMapKeyRef: - key: server.basehref - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_ROOTPATH - valueFrom: - configMapKeyRef: - key: server.rootpath - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: server.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_LOG_LEVEL - valueFrom: - configMapKeyRef: - key: server.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_REPO_SERVER - valueFrom: - configMapKeyRef: - key: repo.server - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_DEX_SERVER - valueFrom: - configMapKeyRef: - key: server.dex.server - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_DISABLE_AUTH - valueFrom: - configMapKeyRef: - key: server.disable.auth - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_ENABLE_GZIP - valueFrom: - configMapKeyRef: - key: server.enable.gzip - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: server.repo.server.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_X_FRAME_OPTIONS - valueFrom: - configMapKeyRef: - key: server.x.frame.options - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY - valueFrom: - configMapKeyRef: - key: server.content.security.policy - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: server.repo.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - key: server.repo.server.strict.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: server.dex.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - key: server.dex.server.strict.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_MIN_VERSION - valueFrom: - configMapKeyRef: - key: server.tls.minversion - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_MAX_VERSION - valueFrom: - configMapKeyRef: - key: server.tls.maxversion - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_CIPHERS - valueFrom: - configMapKeyRef: - key: server.tls.ciphers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: server.connection.status.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: server.oidc.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION - valueFrom: - configMapKeyRef: - key: server.login.attempts.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_STATIC_ASSETS - valueFrom: - configMapKeyRef: - key: server.staticassets - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APP_STATE_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: server.app.state.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - optional: true - - name: REDIS_COMPRESSION - valueFrom: - configMapKeyRef: - key: redis.compression - name: argocd-cmd-params-cm - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - key: redis.db - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_DEFAULT_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: server.default.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_MAX_COOKIE_NUMBER - valueFrom: - configMapKeyRef: - key: server.http.cookie.maxnumber - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: server.listen.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: server.metrics.listen.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_OTLP_ADDRESS - valueFrom: - configMapKeyRef: - key: otlp.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - key: application.namespaces - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION - valueFrom: - configMapKeyRef: - key: server.enable.proxy.extension - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:v2.7.4 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz?full=true - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - timeoutSeconds: 5 - name: argocd-server - ports: - - containerPort: 8080 - - containerPort: 8083 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - - mountPath: /app/config/server/tls - name: argocd-repo-server-tls - - mountPath: /app/config/dex/tls - name: argocd-dex-server-tls - - mountPath: /home/argocd - name: plugins-home - - mountPath: /tmp - name: tmp - serviceAccountName: argocd-server - volumes: - - emptyDir: {} - name: plugins-home - - emptyDir: {} - name: tmp - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls - - name: argocd-dex-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-dex-server-tls ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - serviceName: argocd-application-controller - template: - metadata: - labels: - app.kubernetes.io/name: argocd-application-controller - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - args: - - /usr/local/bin/argocd-application-controller - env: - - name: ARGOCD_CONTROLLER_REPLICAS - value: "1" - - name: ARGOCD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.reconciliation - name: argocd-cm - optional: true - - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.hard.reconciliation - name: argocd-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER - valueFrom: - configMapKeyRef: - key: repo.server - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: controller.repo.server.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS - valueFrom: - configMapKeyRef: - key: controller.status.processors - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS - valueFrom: - configMapKeyRef: - key: controller.operation.processors - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: controller.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL - valueFrom: - configMapKeyRef: - key: controller.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: controller.metrics.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: controller.self.heal.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: controller.repo.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - key: controller.repo.server.strict.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH - valueFrom: - configMapKeyRef: - key: controller.resource.health.persist - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APP_STATE_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: controller.app.state.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - optional: true - - name: REDIS_COMPRESSION - valueFrom: - configMapKeyRef: - key: redis.compression - name: argocd-cmd-params-cm - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - key: redis.db - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_DEFAULT_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: controller.default.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS - valueFrom: - configMapKeyRef: - key: otlp.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - key: application.namespaces - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM - valueFrom: - configMapKeyRef: - key: controller.sharding.algorithm - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: controller.kubectl.parallelism.limit - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:v2.7.4 - imagePullPolicy: Always - name: argocd-application-controller - ports: - - containerPort: 8082 - readinessProbe: - httpGet: - path: /healthz - port: 8082 - initialDelaySeconds: 5 - periodSeconds: 10 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/controller/tls - name: argocd-repo-server-tls - - mountPath: /home/argocd - name: argocd-home - workingDir: /home/argocd - serviceAccountName: argocd-application-controller - volumes: - - emptyDir: {} - name: argocd-home - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: argocd-application-controller-network-policy -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8082 - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: argocd-applicationset-controller-network-policy -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 7000 - protocol: TCP - - port: 8080 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-applicationset-controller - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: argocd-dex-server-network-policy -spec: - ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - ports: - - port: 5556 - protocol: TCP - - port: 5557 - protocol: TCP - - from: - - namespaceSelector: {} - ports: - - port: 5558 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-dex-server - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller-network-policy -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 9001 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-notifications-controller - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: argocd-redis-network-policy -spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - ports: - - port: 6379 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis - policyTypes: - - Ingress - - Egress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: argocd-repo-server-network-policy -spec: - ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-notifications-controller - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-applicationset-controller - ports: - - port: 8081 - protocol: TCP - - from: - - namespaceSelector: {} - ports: - - port: 8084 - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: argocd-server-network-policy -spec: - ingress: - - {} - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - policyTypes: - - Ingress diff --git a/tcs-upgrade/argoflow/argoci.yaml b/tcs-upgrade/argoflow/argoci.yaml deleted file mode 100644 index 321a21f..0000000 --- a/tcs-upgrade/argoflow/argoci.yaml +++ /dev/null @@ -1,1320 +0,0 @@ -# This is an auto-generated file. DO NOT EDIT -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterworkflowtemplates.argoproj.io -spec: - group: argoproj.io - names: - kind: ClusterWorkflowTemplate - listKind: ClusterWorkflowTemplateList - plural: clusterworkflowtemplates - shortNames: - - clusterwftmpl - - cwft - singular: clusterworkflowtemplate - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io -spec: - group: argoproj.io - names: - kind: CronWorkflow - listKind: CronWorkflowList - plural: cronworkflows - shortNames: - - cwf - - cronwf - singular: cronworkflow - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowartifactgctasks.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowArtifactGCTask - listKind: WorkflowArtifactGCTaskList - plural: workflowartifactgctasks - shortNames: - - wfat - singular: workflowartifactgctask - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workfloweventbindings.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowEventBinding - listKind: WorkflowEventBindingList - plural: workfloweventbindings - shortNames: - - wfeb - singular: workfloweventbinding - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io -spec: - group: argoproj.io - names: - kind: Workflow - listKind: WorkflowList - plural: workflows - shortNames: - - wf - singular: workflow - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Status of the workflow - jsonPath: .status.phase - name: Status - type: string - - description: When the workflow was started - format: date-time - jsonPath: .status.startedAt - name: Age - type: date - - description: Human readable message indicating details about why the workflow - is in this condition. - jsonPath: .status.message - name: Message - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtaskresults.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowTaskResult - listKind: WorkflowTaskResultList - plural: workflowtaskresults - singular: workflowtaskresult - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - message: - type: string - metadata: - type: object - outputs: - properties: - artifacts: - items: - properties: - archive: - properties: - none: - type: object - tar: - properties: - compressionLevel: - format: int32 - type: integer - type: object - zip: - type: object - type: object - archiveLogs: - type: boolean - artifactGC: - properties: - podMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - serviceAccountName: - type: string - strategy: - enum: - - "" - - OnWorkflowCompletion - - OnWorkflowDeletion - - Never - type: string - type: object - artifactory: - properties: - passwordSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - url: - type: string - usernameSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - required: - - url - type: object - azure: - properties: - accountKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - blob: - type: string - container: - type: string - endpoint: - type: string - useSDKCreds: - type: boolean - required: - - blob - - container - - endpoint - type: object - deleted: - type: boolean - from: - type: string - fromExpression: - type: string - gcs: - properties: - bucket: - type: string - key: - type: string - serviceAccountKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - required: - - key - type: object - git: - properties: - branch: - type: string - depth: - format: int64 - type: integer - disableSubmodules: - type: boolean - fetch: - items: - type: string - type: array - insecureIgnoreHostKey: - type: boolean - passwordSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - repo: - type: string - revision: - type: string - singleBranch: - type: boolean - sshPrivateKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - usernameSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - required: - - repo - type: object - globalName: - type: string - hdfs: - properties: - addresses: - items: - type: string - type: array - force: - type: boolean - hdfsUser: - type: string - krbCCacheSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - krbConfigConfigMap: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - krbKeytabSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - krbRealm: - type: string - krbServicePrincipalName: - type: string - krbUsername: - type: string - path: - type: string - required: - - path - type: object - http: - properties: - auth: - properties: - basicAuth: - properties: - passwordSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - usernameSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - clientCert: - properties: - clientCertSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - clientKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - oauth2: - properties: - clientIDSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - clientSecretSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - endpointParams: - items: - properties: - key: - type: string - value: - type: string - required: - - key - type: object - type: array - scopes: - items: - type: string - type: array - tokenURLSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - type: object - headers: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - url: - type: string - required: - - url - type: object - mode: - format: int32 - type: integer - name: - type: string - optional: - type: boolean - oss: - properties: - accessKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - bucket: - type: string - createBucketIfNotPresent: - type: boolean - endpoint: - type: string - key: - type: string - lifecycleRule: - properties: - markDeletionAfterDays: - format: int32 - type: integer - markInfrequentAccessAfterDays: - format: int32 - type: integer - type: object - secretKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - securityToken: - type: string - required: - - key - type: object - path: - type: string - raw: - properties: - data: - type: string - required: - - data - type: object - recurseMode: - type: boolean - s3: - properties: - accessKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - bucket: - type: string - createBucketIfNotPresent: - properties: - objectLocking: - type: boolean - type: object - encryptionOptions: - properties: - enableEncryption: - type: boolean - kmsEncryptionContext: - type: string - kmsKeyId: - type: string - serverSideCustomerKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - endpoint: - type: string - insecure: - type: boolean - key: - type: string - region: - type: string - roleARN: - type: string - secretKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - useSDKCreds: - type: boolean - type: object - subPath: - type: string - required: - - name - type: object - type: array - exitCode: - type: string - parameters: - items: - properties: - default: - type: string - description: - type: string - enum: - items: - type: string - type: array - globalName: - type: string - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - default: - type: string - event: - type: string - expression: - type: string - jqFilter: - type: string - jsonPath: - type: string - parameter: - type: string - path: - type: string - supplied: - type: object - type: object - required: - - name - type: object - type: array - result: - type: string - type: object - phase: - type: string - progress: - type: string - required: - - metadata - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtasksets.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowTaskSet - listKind: WorkflowTaskSetList - plural: workflowtasksets - shortNames: - - wfts - singular: workflowtaskset - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowTemplate - listKind: WorkflowTemplateList - plural: workflowtemplates - shortNames: - - wftmpl - singular: workflowtemplate - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: argo ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: argo-server ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-role -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - "" - resources: - - pods - - pods/exec - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - persistentvolumeclaims/finalizers - verbs: - - create - - update - - delete - - get -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - workflowtasksets - - workflowtasksets/finalizers - - workflowartifactgctasks - verbs: - - get - - list - - watch - - update - - patch - - delete - - create -- apiGroups: - - argoproj.io - resources: - - workflowtemplates - - workflowtemplates/finalizers - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - workflowtaskresults - verbs: - - list - - watch - - deletecollection -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - cronworkflows - - cronworkflows/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - get - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-server-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create -- apiGroups: - - "" - resources: - - pods - - pods/exec - - pods/log - verbs: - - get - - list - - watch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - watch - - create - - patch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - eventsources - - sensors - - workflows - - workfloweventbindings - - workflowtemplates - - cronworkflows - - cronworkflows/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-role -subjects: -- kind: ServiceAccount - name: argo ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-server-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-server-role -subjects: -- kind: ServiceAccount - name: argo-server ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: workflow-controller-configmap -data: - resourceRateLimit: | - limit: 20 - burst: 1 - workflowDefaults: | - metadata: - annotations: - argo: workflows - spec: - parallelism: 100 - templateDefaults: - timeout: 1800s - executor: | - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 500m - memory: 512Mi - args: - - --loglevel - - debug - - --gloglevel - - "6" - env: - # ARGO_TRACE enables some tracing information for debugging purposes. Currently it enables - # logging of S3 request/response payloads (including auth headers) - - name: ARGO_TRACE - value: "1" - metricsConfig: | - disableLegacy: true - enabled: true - path: /metrics - port: 9090 - persistence: | - connectionPool: - maxIdleConns: 100 - maxOpenConns: 0 - connMaxLifetime: 0s - nodeStatusOffLoad: true - archiveTTL: 30d - archive: true - skipMigration: true - mysql: - host: mysql.tcs.svc - port: 3306 - database: devops - tableName: argo_workflows - userNameSecret: - name: argoci-mysql - key: username - passwordSecret: - name: argoci-mysql - key: password - artifactRepository: | - # archiveLogs will archive the main container logs as an artifact - archiveLogs: true - s3: - bucket: bfs-devops-argo - keyFormat: "my-artifacts\ - /{{workflow.creationTimestamp.Y}}\ - /{{workflow.creationTimestamp.m}}\ - /{{workflow.creationTimestamp.d}}\ - /{{workflow.name}}\ - /{{pod.name}}" - endpoint: s3.amazonaws.com - region: eu-central-1 - insecure: false - accessKeySecret: - name: aws-s3-cred - key: accessKey - secretKeySecret: - name: aws-s3-cred - key: secretKey - ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app: mysql - name: argoci-mysql -stringData: - username: app - password: beaconfire@123 -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - name: aws-s3-cred - namespace: -stringData: - accessKey: ------------- - secretKey: ------------- -type: Opaque ---- -apiVersion: v1 -kind: Service -metadata: - name: argo-server -spec: - ports: - - name: web - port: 2746 - targetPort: 2746 - selector: - app: argo-server ---- -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: workflow-controller -value: 1000000 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argo-server -spec: - selector: - matchLabels: - app: argo-server - template: - metadata: - labels: - app: argo-server - spec: - containers: - - args: - - server - - --namespaced - - --auth-mode=server - - --event-operation-queue-size=32 - - --event-worker-count=8 - env: [] - image: quay.io/argoproj/argocli:v3.4.7 - name: argo-server - ports: - - containerPort: 2746 - name: web - readinessProbe: - httpGet: - path: / - port: 2746 - scheme: HTTPS - initialDelaySeconds: 10 - periodSeconds: 20 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp - name: tmp - nodeSelector: - kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - serviceAccountName: argo-server - volumes: - - emptyDir: {} - name: tmp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: workflow-controller -spec: - selector: - matchLabels: - app: workflow-controller - template: - metadata: - labels: - app: workflow-controller - spec: - containers: - - args: - - --namespaced - - --configmap - - workflow-controller-configmap - command: - - workflow-controller - env: - - name: LEADER_ELECTION_IDENTITY - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - image: quay.io/argoproj/workflow-controller:v3.4.7 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 6060 - initialDelaySeconds: 90 - periodSeconds: 60 - timeoutSeconds: 30 - name: workflow-controller - ports: - - containerPort: 9090 - name: metrics - - containerPort: 6060 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: workflow-controller - securityContext: - runAsNonRoot: true - serviceAccountName: argo diff --git a/tcs-upgrade/kafka/akhq-di.yaml b/tcs-upgrade/kafka/akhq-di.yaml deleted file mode 100644 index 804545b..0000000 --- a/tcs-upgrade/kafka/akhq-di.yaml +++ /dev/null @@ -1,102 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: akhq-config -data: - application.yml: | - micronaut: - security: - enabled: true - token: - jwt: - signatures: - secret: - generator: - secret: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjpbeyJ0b29sdHQiOiJodHRwczovL3Rvb2x0dC5jb20ifV0sImlhdCI6MTY4NTY4OTU1MiwiZXhwIjoyNTM3NjI1NTk5LCJhdWQiOiIiLCJpc3MiOiJzbWFsbGtvdWRhaSIsInN1YiI6IiJ9.mKw9nKRhQimdaNtMWLHT9TqIn2-iIcZR4txgy8z07xQ - akhq: - security: - default-group: no-roles - basic-auth: - - username: admin - password: "$2a$10$zBr9YyaCto68TJ.aYsP8/eQXHm5MqJUULRm0OpzEOowhmG2Pjv2ry" - passwordHash: BCRYPT - groups: - - admin - connections: - kafka-cluster: - properties: - bootstrap.servers: "kafka.tcs-di.svc.cluster.local:9092" - schema-registry: - url: "http://schemaregistry.tcs-di.svc.cluster.local:8081" - type: "confluent" - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: akhq -spec: - replicas: 1 - selector: - matchLabels: - app: akhq - template: - metadata: - labels: - app: akhq - spec: - containers: - - name: akhq - image: tchiotludo/akhq - env: - - name: MICRONAUT_CONFIG_FILES - value: /app/application.yml - ports: - - name: http - containerPort: 8080 - protocol: TCP - - name: management - containerPort: 28081 - protocol: TCP - volumeMounts: - - name: config - mountPath: /app/application.yml - subPath: application.yml - livenessProbe: - httpGet: - path: /health - port: management - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /health - port: management - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - resources: {} - volumes: - - name: config - configMap: - name: akhq-config ---- -apiVersion: v1 -kind: Service -metadata: - name: akhq -spec: - type: ClusterIP - ports: - - name: http - protocol: TCP - port: 8080 - targetPort: http - selector: - app: akhq \ No newline at end of file diff --git a/tcs-upgrade/kafka/kafka-di.yaml b/tcs-upgrade/kafka/kafka-di.yaml deleted file mode 100644 index 2485733..0000000 --- a/tcs-upgrade/kafka/kafka-di.yaml +++ /dev/null @@ -1,107 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: - name: zookeeper -spec: - replicas: 3 - oneReplicaPerNode: true - configOverrides: - jvm: - - "-Xmx512m" - podTemplate: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - tcs-di - image: - application: confluentinc/cp-zookeeper:7.4.0 - init: confluentinc/confluent-init-container:2.6.0 - dataVolumeCapacity: 10Gi - logVolumeCapacity: 10Gi - storageClass: - name: tcs-kafka-di ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - replicas: 3 - oneReplicaPerNode: true - configOverrides: - server: - - auto.create.topics.enable=true - - default.replication.factor=3 - jvm: - - "-Xmx512m" - podTemplate: - resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "4G" - cpu: "1" - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - tcs-di - image: - application: confluentinc/cp-server:7.4.0 - init: confluentinc/confluent-init-container:2.6.0 - dataVolumeCapacity: 20Gi - storageClass: - name: tcs-kafka-di - metricReporter: - enabled: true - listeners: - external: - externalAccess: - type: nodePort - nodePort: - host: kafka-tcs.drillinsight.com - nodePortOffset: 31001 - # dependencies: - # 多个kakfa集群复用zk - # zookeeper: - # endpoint: zookeeper.common.svc.cluster.local:2181 ---- -apiVersion: platform.confluent.io/v1beta1 -kind: SchemaRegistry -metadata: - name: schemaregistry -spec: - replicas: 3 - oneReplicaPerNode: true - configOverrides: - jvm: - - "-Xmx512m" - podTemplate: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - tcs-di - image: - application: confluentinc/cp-schema-registry:7.4.0 - init: confluentinc/confluent-init-container:2.6.0 - externalAccess: - type: nodePort - nodePort: - host: kafka-tcs.drillinsight.com - nodePortOffset: 31005 diff --git a/tcs-upgrade/kafka/kafka-ldap.yaml b/tcs-upgrade/kafka/kafka-ldap.yaml deleted file mode 100644 index a96cb48..0000000 --- a/tcs-upgrade/kafka/kafka-ldap.yaml +++ /dev/null @@ -1,181 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: - name: zookeeper -spec: - replicas: 3 - oneReplicaPerNode: true - configOverrides: - jvm: - - "-Xmx128m" - podTemplate: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - tcs - image: - application: confluentinc/cp-zookeeper:7.5.0 - init: confluentinc/confluent-init-container:2.7.0 - dataVolumeCapacity: 10Gi - logVolumeCapacity: 10Gi - storageClass: - name: tcs-kafka - authentication: - type: digest - jaasConfig: - secretRef: credential - tls: - secretRef: tls-group1 ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - replicas: 3 - oneReplicaPerNode: true - configOverrides: - server: - - auto.create.topics.enable=true - - default.replication.factor=3 - jvm: - - "-Xmx512m" - podTemplate: - resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "4G" - cpu: "1" - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - tcs - image: - application: confluentinc/cp-server:7.5.0 - init: confluentinc/confluent-init-container:2.7.0 - dataVolumeCapacity: 10Gi - storageClass: - name: tcs-kafka - tls: - secretRef: tls-group1 - listeners: - internal: - authentication: - type: ldap - jaasConfig: - secretRef: credential - tls: - enabled: true - external: - externalAccess: - type: nodePort - nodePort: - host: kafka-tcs.beaconfireinc.com - nodePortOffset: 30001 - authentication: - type: ldap - jaasConfig: - secretRef: credential - tls: - enabled: true - authorization: - type: rbac - superUsers: - - User:kafka - services: - mds: - tls: - enabled: true - tokenKeyPair: - secretRef: mds-token - provider: - type: ldap - ldap: - address: ldap://ldap.tcs.svc.cluster.local:389 - authentication: - type: simple - simple: - secretRef: credential - configurations: - groupNameAttribute: cn - groupObjectClass: group - groupMemberAttribute: member - groupMemberAttributePattern: CN=(.*),DC=test,DC=com - groupSearchBase: dc=test,dc=com - userNameAttribute: cn - userMemberOfAttributePattern: CN=(.*),DC=test,DC=com - userObjectClass: organizationalRole - userSearchBase: dc=test,dc=com - dependencies: - zookeeper: - endpoint: zookeeper.tcs.svc.cluster.local:2182 - authentication: - type: digest - jaasConfig: - secretRef: credential - tls: - enabled: true ---- -apiVersion: platform.confluent.io/v1beta1 -kind: SchemaRegistry -metadata: - name: schemaregistry -spec: - replicas: 1 - oneReplicaPerNode: true - configOverrides: - jvm: - - "-Xmx128m" - podTemplate: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - tcs - image: - application: confluentinc/cp-schema-registry:7.5.0 - init: confluentinc/confluent-init-container:2.7.0 - tls: - secretRef: tls-group1 - externalAccess: - type: nodePort - nodePort: - host: kafka-tcs.beaconfireinc.com - nodePortOffset: 30005 - authorization: - type: rbac - dependencies: - kafka: - bootstrapEndpoint: kafka.tcs.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - mds: - endpoint: https://kafka.tcs.svc.cluster.local:8090 - tokenKeyPair: - secretRef: mds-token - authentication: - type: bearer - bearer: - secretRef: sr-mds-client - tls: - enabled: true diff --git a/tcs-upgrade/kafka/storage-di.yaml b/tcs-upgrade/kafka/storage-di.yaml deleted file mode 100644 index 1f478c5..0000000 --- a/tcs-upgrade/kafka/storage-di.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: tcs-kafka-di -provisioner: openebs.io/local -reclaimPolicy: Retain -allowVolumeExpansion: true -volumeBindingMode: WaitForFirstConsumer \ No newline at end of file diff --git a/tcs-upgrade/service_group/config-server.yaml b/tcs-upgrade/service_group/config-server.yaml deleted file mode 100644 index 40c8028..0000000 --- a/tcs-upgrade/service_group/config-server.yaml +++ /dev/null @@ -1,107 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-server -data: - application.yml: | - server: - port: 8888 - spring: - cloud: - config: - server: - git: - uri: https://github.com/beaconfire-projects/cloud-config.git - search-paths: - - '{application}' - - micro/* - username: zyu@beaconfireinc.com - password: ENC(5/I4EP0HwkLv/ZFigX3bmP+U/yR0HAOgWpbVg4tHuREz0G9CfOZzZfFTHA342PpoLYVkj924iqo=) - bus: - refresh: - enabled: true - trace: - enabled: true - stream: - kafka: - binder: - brokers: http://kafka-0-internal.basic:9092,http://kafka-1-internal.basic:9092, http://kafka-2-internal.basic:9092 - - jasypt: - encryptor: - algorithm: PBEWithMD5AndDES - iv-generator-classname: org.jasypt.iv.NoIvGenerator - - management: - endpoints: - web: - exposure: - include: 'busrefresh' #refresh - - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: config-server -spec: - replicas: 1 - selector: - matchLabels: - app: config-server - template: - metadata: - labels: - app: config-server - spec: - imagePullSecrets: - - name: docker-regcred - containers: - - name: config-server - image: beaconfireiic/config-server:1.1.1-prod - imagePullPolicy: Always - ports: - - name: http - containerPort: 8888 - protocol: TCP - env: - - name: "LOGGING_LEVEL_ROOT" - value: "info" - - name: "SERVER_PORT" - value: "8888" - - name: "LOG_APP-NAME" - value: "config-server" - volumeMounts: - - name: config - mountPath: /app/application.yml - subPath: application.yml - - name: app-logs - mountPath: /logs - resources: - requests: - cpu: 0.1 - memory: 256Mi - limits: - cpu: 1 - memory: 2Gi - volumes: - - name: config - configMap: - name: config-server - - name: app-logs - hostPath: - path: /data/app_logs/config-server ---- -apiVersion: v1 -kind: Service -metadata: - name: config-server -spec: - type: ClusterIP - ports: - - name: http - protocol: TCP - port: 8888 - targetPort: http - selector: - app: config-server \ No newline at end of file diff --git a/tcs-upgrade/service_group/discover-service.yaml b/tcs-upgrade/service_group/discover-service.yaml deleted file mode 100644 index ec495bf..0000000 --- a/tcs-upgrade/service_group/discover-service.yaml +++ /dev/null @@ -1,144 +0,0 @@ -# apiVersion: v1 -# kind: ConfigMap -# metadata: -# name: discovery-service -# data: - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: discovery-service -spec: - replicas: 1 - selector: - matchLabels: - app: discovery-service - template: - metadata: - labels: - app: discovery-service - spec: - imagePullSecrets: - - name: docker-regcred - containers: - - name: discovery-service - image: beaconfireiic/service-discovery:1.1.0 - imagePullPolicy: Always - ports: - - name: http - containerPort: 8761 - protocol: TCP - env: - - name: "LOGGING_LEVEL_ROOT" - value: "info" - - name: "EUREKA_INSTANCE_HOSTNAME" - value: "discovery-service" - - name: "SERVER_PORT" - value: "8761" - - name: "LOG_APP-NAME" - value: "discovery-service" - - name: "SPRING_PROFILES_ACTIVE" - value: "sdet" - volumeMounts: - - name: app-logs - mountPath: /logs - resources: - requests: - cpu: 0.1 - memory: 128Mi - limits: - cpu: 1 - memory: 2Gi - volumes: - - name: app-logs - hostPath: - path: /data/app_logs/discovery-service ---- -apiVersion: v1 -kind: Service -metadata: - name: discovery-service -spec: - type: ClusterIP - ports: - - name: http - protocol: TCP - port: 8761 - targetPort: http - selector: - app: discovery-service - ---- -# apiVersion: v1 -# kind: ConfigMap -# metadata: -# name: gateway -# data: - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gateway -spec: - replicas: 1 - selector: - matchLabels: - app: gateway - template: - metadata: - labels: - app: gateway - spec: - imagePullSecrets: - - name: docker-regcred - containers: - - name: gateway - image: beaconfireiic/gateway:1.1.0 - imagePullPolicy: Always - ports: - - name: http - containerPort: 8888 - protocol: TCP - env: - - name: "LOGGING_LEVEL_ROOT" - value: "info" - - name: "EUREKA_INSTANCE_HOSTNAME" - value: "discovery-service" - - name: "SERVER_PORT" - value: "8888" - - name: "EUREKA_CLIENT_SERVICE-URL_DEFAULT-ZONE" - value: "http://discovery-service:8761/eureka/" - - name: "LOG_APP-NAME" - value: "gateway" - - name: "SPRING_PROFILES_ACTIVE" - value: "sdet" - volumeMounts: - - name: app-logs - mountPath: /logs - resources: - requests: - cpu: 0.1 - memory: 128Mi - limits: - cpu: 1 - memory: 2Gi - volumes: - - name: app-logs - hostPath: - path: /data/app_logs/gateway ---- -apiVersion: v1 -kind: Service -metadata: - name: gateway -spec: - type: ClusterIP - ports: - - name: http - protocol: TCP - port: 8888 - targetPort: http - selector: - app: gateway \ No newline at end of file diff --git a/tcs-upgrade/elastic/elastic.yaml b/tob-upgrade/elastic/elastic.yaml similarity index 95% rename from tcs-upgrade/elastic/elastic.yaml rename to tob-upgrade/elastic/elastic.yaml index dd2827a..c3e423c 100644 --- a/tcs-upgrade/elastic/elastic.yaml +++ b/tob-upgrade/elastic/elastic.yaml @@ -22,7 +22,7 @@ spec: - key: kubernetes.io/hostname operator: In values: - - bfs-k8snode-10-2-1-5.hetzner.base.beaconfireinc.com + - bfs-k8snode-10-2-3-5.hetzner.base.beaconfireinc.com --- apiVersion: v1 @@ -48,7 +48,7 @@ spec: - key: kubernetes.io/hostname operator: In values: - - bfs-k8snode-10-2-1-6.hetzner.base.beaconfireinc.com + - bfs-k8snode-10-2-3-6.hetzner.base.beaconfireinc.com --- apiVersion: v1 @@ -74,7 +74,7 @@ spec: - key: kubernetes.io/hostname operator: In values: - - bfs-k8snode-10-2-1-7.hetzner.base.beaconfireinc.com + - bfs-k8snode-10-2-3-7.hetzner.base.beaconfireinc.com --- apiVersion: apps/v1 diff --git a/tcs-upgrade/elastic/filebeat.yaml b/tob-upgrade/elastic/filebeat.yaml similarity index 100% rename from tcs-upgrade/elastic/filebeat.yaml rename to tob-upgrade/elastic/filebeat.yaml diff --git a/tcs-upgrade/elastic/kibana.yaml b/tob-upgrade/elastic/kibana.yaml similarity index 100% rename from tcs-upgrade/elastic/kibana.yaml rename to tob-upgrade/elastic/kibana.yaml diff --git a/tcs-upgrade/elastic/logstash.yaml b/tob-upgrade/elastic/logstash.yaml similarity index 100% rename from tcs-upgrade/elastic/logstash.yaml rename to tob-upgrade/elastic/logstash.yaml diff --git a/tcs-upgrade/elastic/storage.yaml b/tob-upgrade/elastic/storage.yaml similarity index 100% rename from tcs-upgrade/elastic/storage.yaml rename to tob-upgrade/elastic/storage.yaml diff --git a/tcs-upgrade/jenkins/jenkins.yaml b/tob-upgrade/jenkins/jenkins.yaml similarity index 97% rename from tcs-upgrade/jenkins/jenkins.yaml rename to tob-upgrade/jenkins/jenkins.yaml index dfe0c80..2037069 100644 --- a/tcs-upgrade/jenkins/jenkins.yaml +++ b/tob-upgrade/jenkins/jenkins.yaml @@ -76,7 +76,7 @@ spec: - key: kubernetes.io/hostname operator: In values: - - bfs-k8snode-10-2-1-5.hetzner.base.beaconfireinc.com + - bfs-k8snode-10-2-3-5.hetzner.base.beaconfireinc.com --- apiVersion: apps/v1 diff --git a/tcs-upgrade/kafka/akhq.yaml b/tob-upgrade/kafka/akhq.yaml similarity index 100% rename from tcs-upgrade/kafka/akhq.yaml rename to tob-upgrade/kafka/akhq.yaml diff --git a/tcs-upgrade/kafka/kafka.yaml b/tob-upgrade/kafka/kafka.yaml similarity index 96% rename from tcs-upgrade/kafka/kafka.yaml rename to tob-upgrade/kafka/kafka.yaml index f19f44d..2f72a5e 100644 --- a/tcs-upgrade/kafka/kafka.yaml +++ b/tob-upgrade/kafka/kafka.yaml @@ -8,7 +8,7 @@ spec: oneReplicaPerNode: true configOverrides: jvm: - - "-Xmx128m" + - "-Xmx256m" podTemplate: affinity: nodeAffinity: @@ -18,7 +18,7 @@ spec: - key: app.kubernetes.io/name operator: In values: - - tcs + - mq image: application: confluentinc/cp-zookeeper:7.4.0 init: confluentinc/confluent-init-container:2.6.0 @@ -56,7 +56,7 @@ spec: - key: app.kubernetes.io/name operator: In values: - - tcs + - mq image: application: confluentinc/cp-server:7.4.0 init: confluentinc/confluent-init-container:2.6.0 @@ -86,7 +86,7 @@ spec: oneReplicaPerNode: true configOverrides: jvm: - - "-Xmx128m" + - "-Xmx256m" podTemplate: affinity: nodeAffinity: @@ -96,7 +96,7 @@ spec: - key: app.kubernetes.io/name operator: In values: - - tcs + - mq image: application: confluentinc/cp-schema-registry:7.4.0 init: confluentinc/confluent-init-container:2.6.0 diff --git a/tcs-upgrade/kafka/storage.yaml b/tob-upgrade/kafka/storage.yaml similarity index 100% rename from tcs-upgrade/kafka/storage.yaml rename to tob-upgrade/kafka/storage.yaml diff --git a/tcs-upgrade/kubesphere/k8scluster.yaml b/tob-upgrade/kubesphere/k8scluster.yaml similarity index 68% rename from tcs-upgrade/kubesphere/k8scluster.yaml rename to tob-upgrade/kubesphere/k8scluster.yaml index 7d8a907..215decb 100644 --- a/tcs-upgrade/kubesphere/k8scluster.yaml +++ b/tob-upgrade/kubesphere/k8scluster.yaml @@ -4,37 +4,37 @@ metadata: name: bfs-k8scluster-1 spec: hosts: - - {name: bfs-k8smaster-10-2-1-2.hetzner.base.beaconfireinc.com, address: 10.2.1.2, internalAddress: 10.2.1.2, privateKeyPath: "~/.ssh/bfs-ed25519"} - - {name: bfs-k8smaster-10-2-1-3.hetzner.base.beaconfireinc.com, address: 10.2.1.3, internalAddress: 10.2.1.3, privateKeyPath: "~/.ssh/bfs-ed25519"} - - {name: bfs-k8smaster-10-2-1-4.hetzner.base.beaconfireinc.com, address: 10.2.1.4, internalAddress: 10.2.1.4, privateKeyPath: "~/.ssh/bfs-ed25519"} - - {name: bfs-k8snode-10-2-1-5.hetzner.base.beaconfireinc.com, address: 10.2.1.5, internalAddress: 10.2.1.5, privateKeyPath: "~/.ssh/bfs-ed25519"} - - {name: bfs-k8snode-10-2-1-6.hetzner.base.beaconfireinc.com, address: 10.2.1.6, internalAddress: 10.2.1.6, privateKeyPath: "~/.ssh/bfs-ed25519"} - - {name: bfs-k8snode-10-2-1-7.hetzner.base.beaconfireinc.com, address: 10.2.1.7, internalAddress: 10.2.1.7, privateKeyPath: "~/.ssh/bfs-ed25519"} - - {name: bfs-k8snode-10-2-1-8.hetzner.base.beaconfireinc.com, address: 10.2.1.8, internalAddress: 10.2.1.8, privateKeyPath: "~/.ssh/bfs-ed25519"} - - {name: bfs-k8snode-10-2-1-9.hetzner.base.beaconfireinc.com, address: 10.2.1.9, internalAddress: 10.2.1.9, privateKeyPath: "~/.ssh/bfs-ed25519"} - - {name: bfs-k8snode-10-2-1-10.hetzner.base.beaconfireinc.com, address: 10.2.1.10, internalAddress: 10.2.1.10, privateKeyPath: "~/.ssh/bfs-ed25519"} + - {name: bfs-k8smaster-10-2-3-2.hetzner.base.beaconfireinc.com, address: 10.2.3.2, internalAddress: 10.2.3.2, privateKeyPath: "~/.ssh/bfs-ed25519"} + - {name: bfs-k8smaster-10-2-3-3.hetzner.base.beaconfireinc.com, address: 10.2.3.3, internalAddress: 10.2.3.3, privateKeyPath: "~/.ssh/bfs-ed25519"} + - {name: bfs-k8smaster-10-2-3-4.hetzner.base.beaconfireinc.com, address: 10.2.3.4, internalAddress: 10.2.3.4, privateKeyPath: "~/.ssh/bfs-ed25519"} + - {name: bfs-k8snode-10-2-3-5.hetzner.base.beaconfireinc.com, address: 10.2.3.5, internalAddress: 10.2.3.5, privateKeyPath: "~/.ssh/bfs-ed25519"} + # - {name: bfs-k8snode-10-2-3-6.hetzner.base.beaconfireinc.com, address: 10.2.3.6, internalAddress: 10.2.3.6, privateKeyPath: "~/.ssh/bfs-ed25519"} + # - {name: bfs-k8snode-10-2-3-7.hetzner.base.beaconfireinc.com, address: 10.2.3.7, internalAddress: 10.2.3.7, privateKeyPath: "~/.ssh/bfs-ed25519"} + # - {name: bfs-k8snode-10-2-3-8.hetzner.base.beaconfireinc.com, address: 10.2.3.8, internalAddress: 10.2.3.8, privateKeyPath: "~/.ssh/bfs-ed25519"} + # - {name: bfs-k8snode-10-2-3-9.hetzner.base.beaconfireinc.com, address: 10.2.3.9, internalAddress: 10.2.3.9, privateKeyPath: "~/.ssh/bfs-ed25519"} + # - {name: bfs-k8snode-10-2-3-10.hetzner.base.beaconfireinc.com, address: 10.2.3.10, internalAddress: 10.2.3.10, privateKeyPath: "~/.ssh/bfs-ed25519"} roleGroups: etcd: - - bfs-k8smaster-10-2-1-2.hetzner.base.beaconfireinc.com - - bfs-k8smaster-10-2-1-3.hetzner.base.beaconfireinc.com - - bfs-k8smaster-10-2-1-4.hetzner.base.beaconfireinc.com + - bfs-k8smaster-10-2-3-2.hetzner.base.beaconfireinc.com + - bfs-k8smaster-10-2-3-3.hetzner.base.beaconfireinc.com + - bfs-k8smaster-10-2-3-4.hetzner.base.beaconfireinc.com control-plane: - - bfs-k8smaster-10-2-1-2.hetzner.base.beaconfireinc.com - - bfs-k8smaster-10-2-1-3.hetzner.base.beaconfireinc.com - - bfs-k8smaster-10-2-1-4.hetzner.base.beaconfireinc.com + - bfs-k8smaster-10-2-3-2.hetzner.base.beaconfireinc.com + - bfs-k8smaster-10-2-3-3.hetzner.base.beaconfireinc.com + - bfs-k8smaster-10-2-3-4.hetzner.base.beaconfireinc.com worker: - - bfs-k8snode-10-2-1-5.hetzner.base.beaconfireinc.com - - bfs-k8snode-10-2-1-6.hetzner.base.beaconfireinc.com - - bfs-k8snode-10-2-1-7.hetzner.base.beaconfireinc.com - - bfs-k8snode-10-2-1-8.hetzner.base.beaconfireinc.com - - bfs-k8snode-10-2-1-9.hetzner.base.beaconfireinc.com - - bfs-k8snode-10-2-1-10.hetzner.base.beaconfireinc.com + - bfs-k8snode-10-2-3-5.hetzner.base.beaconfireinc.com + # - bfs-k8snode-10-2-3-6.hetzner.base.beaconfireinc.com + # - bfs-k8snode-10-2-3-7.hetzner.base.beaconfireinc.com + # - bfs-k8snode-10-2-3-8.hetzner.base.beaconfireinc.com + # - bfs-k8snode-10-2-3-9.hetzner.base.beaconfireinc.com + # - bfs-k8snode-10-2-3-10.hetzner.base.beaconfireinc.com controlPlaneEndpoint: ## Internal loadbalancer for apiservers # internalLoadbalancer: haproxy domain: tcs-k8slb.beaconfireinc.com - address: "10.2.1.1" + address: "10.2.3.1" port: 6443 kubernetes: version: v1.23.12 diff --git a/tcs-upgrade/mongo/mongo.yaml b/tob-upgrade/mongo/mongo.yaml similarity index 96% rename from tcs-upgrade/mongo/mongo.yaml rename to tob-upgrade/mongo/mongo.yaml index 14c6e5a..8d14bf8 100644 --- a/tcs-upgrade/mongo/mongo.yaml +++ b/tob-upgrade/mongo/mongo.yaml @@ -52,7 +52,7 @@ spec: - key: "kubernetes.io/hostname" operator: In values: - - bfs-k8snode-10-2-1-6.hetzner.base.beaconfireinc.com + - bfs-k8snode-10-2-3-6.hetzner.base.beaconfireinc.com --- apiVersion: v1 diff --git a/tcs-upgrade/mysql/mysql.yaml b/tob-upgrade/mysql/mysql.yaml similarity index 96% rename from tcs-upgrade/mysql/mysql.yaml rename to tob-upgrade/mysql/mysql.yaml index e9b144d..f5d608f 100644 --- a/tcs-upgrade/mysql/mysql.yaml +++ b/tob-upgrade/mysql/mysql.yaml @@ -56,7 +56,7 @@ spec: - key: "kubernetes.io/hostname" operator: In values: - - bfs-k8snode-10-2-1-7.hetzner.base.beaconfireinc.com + - bfs-k8snode-10-2-3-7.hetzner.base.beaconfireinc.com --- apiVersion: v1 kind: Service diff --git a/tcs-upgrade/redis/redis.yaml b/tob-upgrade/redis/redis.yaml similarity index 96% rename from tcs-upgrade/redis/redis.yaml rename to tob-upgrade/redis/redis.yaml index b2f0d71..ba36d15 100644 --- a/tcs-upgrade/redis/redis.yaml +++ b/tob-upgrade/redis/redis.yaml @@ -70,7 +70,7 @@ spec: - key: "kubernetes.io/hostname" operator: In values: - - bfs-k8snode-10-2-1-5.hetzner.base.beaconfireinc.com + - bfs-k8snode-10-2-3-5.hetzner.base.beaconfireinc.com --- apiVersion: v1