From ce4bbabaf513491e19400df55ceb5c7838e78085 Mon Sep 17 00:00:00 2001 From: Ishan Gupta Date: Wed, 7 Oct 2020 10:33:58 +0530 Subject: [PATCH] Namespace scope mode for litmus-portal and okteto cloud dev environment integration. (#2187) This commit adds namespace scope installation configuration and required code changes for it to litmus-portal and also adds Okteto cloud dev environment setup. Signed-off-by: ishangupta-ds --- litmus-portal/README.md | 37 +- .../subscriber/pkg/cluster/events/workflow.go | 24 +- .../subscriber/pkg/gql/subscriptions.go | 4 +- .../subscriber/pkg/k8s/operations.go | 11 +- .../subscriber/pkg/types/connect.go | 1 + ...-manifest.yml => cluster-k8s-manifest.yml} | 178 +++-- litmus-portal/frontend/.stignore | 56 ++ litmus-portal/frontend/okteto.yml | 20 + litmus-portal/frontend/package-lock.json | 2 +- ...{subscriber.yml => cluster-subscriber.yml} | 274 ++++--- .../manifests/namespace-subscriber.yml | 674 ++++++++++++++++++ .../pkg/database/mongodb/init.go | 2 +- .../pkg/file_handlers/file_handlers.go | 29 +- .../pkg/graphql/subscriptions/subscription.go | 11 +- .../graphql-server/pkg/k8s/cluster.go | 32 +- .../graphql-server/pkg/self-deployer/start.go | 8 +- .../pkg/types/configurations.go | 14 + litmus-portal/graphql-server/utils/misc.go | 24 +- litmus-portal/litmus-portal-crds.yml | 506 +++++++++++++ litmus-portal/namespaced-K8s-template.yml | 286 ++++++++ litmus-portal/platforms/okteto/README.md | 134 ++++ .../platforms/okteto/hello-world-AUT.yml | 46 ++ .../litmus-portal-dev-manifest-template.yml | 356 +++++++++ litmus-portal/tools/self-deployer/deployer.go | 5 +- okteto-pipeline.yaml | 7 + 25 files changed, 2565 insertions(+), 176 deletions(-) rename litmus-portal/{k8s-manifest.yml => cluster-k8s-manifest.yml} (51%) create mode 100644 litmus-portal/frontend/.stignore create mode 100644 litmus-portal/frontend/okteto.yml rename litmus-portal/graphql-server/manifests/{subscriber.yml => cluster-subscriber.yml} (84%) create mode 100644 litmus-portal/graphql-server/manifests/namespace-subscriber.yml create mode 100644 litmus-portal/graphql-server/pkg/types/configurations.go create mode 100644 litmus-portal/litmus-portal-crds.yml create mode 100644 litmus-portal/namespaced-K8s-template.yml create mode 100644 litmus-portal/platforms/okteto/README.md create mode 100644 litmus-portal/platforms/okteto/hello-world-AUT.yml create mode 100644 litmus-portal/platforms/okteto/litmus-portal-dev-manifest-template.yml create mode 100644 okteto-pipeline.yaml diff --git a/litmus-portal/README.md b/litmus-portal/README.md index 13363711114..4bbf41be129 100644 --- a/litmus-portal/README.md +++ b/litmus-portal/README.md @@ -7,6 +7,8 @@ Litmus-Portal provides console and UI experience for managing, monitoring, and e - Minikube - GKE - KIND +- EKS +- Okteto Cloud ## **Pre-requisites** @@ -22,11 +24,41 @@ kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/v1.8.x/lit Or -> Master (Latest) +> Master (Latest) Cluster scope. Installed in litmus namespace by default. ```bash -kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/k8s-manifest.yml +kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/cluster-k8s-manifest.yml ``` +Or + +> Master (Latest) Namespaced scope. Replace `` with the desired namespace. +```bash +export LITMUS_PORTAL_NAMESPACE="" +kubectl create ns ${LITMUS_PORTAL_NAMESPACE} +kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/litmus-portal-crds.yml +curl https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/namespaced-K8s-template.yml --output litmus-portal-namespaced-K8s-template.yml +envsubst < litmus-portal-namespaced-K8s-template.yml > ${LITMUS_PORTAL_NAMESPACE}-ns-scoped-litmus-portal-manifest.yml +kubectl apply -f ${LITMUS_PORTAL_NAMESPACE}-ns-scoped-litmus-portal-manifest.yml -n ${LITMUS_PORTAL_NAMESPACE} +kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/platforms/okteto/hello-world-AUT.yml -n ${LITMUS_PORTAL_NAMESPACE} +``` + +#### Configuration Options for Cluster scope. + +- `litmus-portal-operations-config` configmap. + + > `AgentNamespace: litmus` + +- All environment variables. + +#### Configuration Options for Namespace scope. + +- `litmus-portal-operations-config` configmap. + + > `AgentNamespace: ${LITMUS_PORTAL_NAMESPACE}` + +- All environment variables. + + #### Retrieving external url to access the litmus portal ```bash @@ -63,7 +95,6 @@ kubectl delete -f https://raw.githubusercontent.com/litmuschaos/litmus/master/li - GQLGEN GraphQL Server - Database - MongoDB - - Prometheus ##### **Additional information** diff --git a/litmus-portal/cluster-agents/subscriber/pkg/cluster/events/workflow.go b/litmus-portal/cluster-agents/subscriber/pkg/cluster/events/workflow.go index f3517a12d94..4ca2cc746fd 100644 --- a/litmus-portal/cluster-agents/subscriber/pkg/cluster/events/workflow.go +++ b/litmus-portal/cluster-agents/subscriber/pkg/cluster/events/workflow.go @@ -1,6 +1,7 @@ package events import ( + "os" "time" "github.com/argoproj/argo/pkg/apis/workflow/v1alpha1" @@ -18,6 +19,11 @@ const ( resyncPeriod time.Duration = 0 ) +var ( + AgentScope = os.Getenv("AGENT_SCOPE") + AgentNamespace = os.Getenv("AGENT_NAMESPACE") +) + // initializes the Argo Workflow event watcher func WorkflowEventWatcher(stopCh chan struct{}, stream chan types.WorkflowEvent) { cfg, err := k8s.GetKubeConfig() @@ -29,12 +35,18 @@ func WorkflowEventWatcher(stopCh chan struct{}, stream chan types.WorkflowEvent) if err != nil { logrus.WithError(err).Fatal("could not generate dynamic client for config") } - // Create a factory object to watch workflows - f := externalversions.NewSharedInformerFactory(clientSet, resyncPeriod) - informer := f.Argoproj().V1alpha1().Workflows().Informer() - - // Start Event Watch - go startWatch(stopCh, informer, stream) + // Create a factory object to watch workflows depending on default scope + if AgentScope == "namespace" { + f := externalversions.NewSharedInformerFactoryWithOptions(clientSet, resyncPeriod, externalversions.WithNamespace(AgentNamespace)) + informer := f.Argoproj().V1alpha1().Workflows().Informer() + // Start Event Watch + go startWatch(stopCh, informer, stream) + } else { + f := externalversions.NewSharedInformerFactory(clientSet, resyncPeriod) + informer := f.Argoproj().V1alpha1().Workflows().Informer() + // Start Event Watch + go startWatch(stopCh, informer, stream) + } } // handles the different workflow events - add, update and delete diff --git a/litmus-portal/cluster-agents/subscriber/pkg/gql/subscriptions.go b/litmus-portal/cluster-agents/subscriber/pkg/gql/subscriptions.go index 9ce3bb31f83..f135e626dd8 100644 --- a/litmus-portal/cluster-agents/subscriber/pkg/gql/subscriptions.go +++ b/litmus-portal/cluster-agents/subscriber/pkg/gql/subscriptions.go @@ -16,7 +16,7 @@ import ( ) func ClusterConnect(clusterData map[string]string) { - query := `{"query":"subscription {\n clusterConnect(clusterInfo: {cluster_id: \"` + clusterData["CID"] + `\", access_key: \"` + clusterData["KEY"] + `\"}) {\n \t project_id,\n action{\n k8s_manifest,\n external_data,\n request_type\n }\n }\n}\n"}` + query := `{"query":"subscription {\n clusterConnect(clusterInfo: {cluster_id: \"` + clusterData["CID"] + `\", access_key: \"` + clusterData["KEY"] + `\"}) {\n \t project_id,\n action{\n k8s_manifest,\n external_data,\n request_type\n namespace\n }\n }\n}\n"}` serverURL, err := url.Parse(clusterData["GQL_SERVER"]) scheme := "ws" if serverURL.Scheme == "https" { @@ -87,7 +87,7 @@ func ClusterConnect(clusterData map[string]string) { SendPodLogs(clusterData, podRequest) } else if strings.Index("create update delete get", strings.ToLower(r.Payload.Data.ClusterConnect.Action.RequestType)) >= 0 { logrus.Print("WORKFLOW REQUEST ", r.Payload.Data.ClusterConnect.Action) - _, err = k8s.ClusterOperations(r.Payload.Data.ClusterConnect.Action.K8SManifest, r.Payload.Data.ClusterConnect.Action.RequestType) + _, err = k8s.ClusterOperations(r.Payload.Data.ClusterConnect.Action.K8SManifest, r.Payload.Data.ClusterConnect.Action.RequestType, r.Payload.Data.ClusterConnect.Action.Namespace) if err != nil { logrus.WithError(err).Print("error performing cluster operation") continue diff --git a/litmus-portal/cluster-agents/subscriber/pkg/k8s/operations.go b/litmus-portal/cluster-agents/subscriber/pkg/k8s/operations.go index 4c3e5605686..96d91fda88e 100644 --- a/litmus-portal/cluster-agents/subscriber/pkg/k8s/operations.go +++ b/litmus-portal/cluster-agents/subscriber/pkg/k8s/operations.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "log" + "os" yaml_converter "github.com/ghodss/yaml" corev1 "k8s.io/api/core/v1" @@ -20,13 +21,13 @@ import ( const ( PortalConfigName = "litmus-portal-config" - DefaultNamespace = "litmus" ) var ( Ctx = context.Background() decUnstructured = yaml.NewDecodingSerializer(unstructured.UnstructuredJSONScheme) dr dynamic.ResourceInterface + AgentNamespace = os.Getenv("AGENT_NAMESPACE") ) // IsClusterConfirmed checks if the config map with "is_cluster_confirmed" is true or not. @@ -36,7 +37,7 @@ func IsClusterConfirmed(clusterData map[string]string) (bool, string, error) { return false, "", err } - getCM, err := clientset.CoreV1().ConfigMaps(DefaultNamespace).Get(PortalConfigName, metav1.GetOptions{}) + getCM, err := clientset.CoreV1().ConfigMaps(AgentNamespace).Get(PortalConfigName, metav1.GetOptions{}) if errors.IsNotFound(err) { return false, "", nil } else if getCM.Data["is_cluster_confirmed"] == "true" { @@ -72,7 +73,7 @@ func ClusterRegister(clusterData map[string]string) (bool, error) { Data: configMapData, } - _, err = clientset.CoreV1().ConfigMaps(DefaultNamespace).Create(&newConfigMap) + _, err = clientset.CoreV1().ConfigMaps(AgentNamespace).Create(&newConfigMap) if err != nil { return false, nil } @@ -138,7 +139,7 @@ func applyRequest(requestType string, obj *unstructured.Unstructured) (*unstruct } // This function handles cluster operations -func ClusterOperations(manifest string, requestType string) (*unstructured.Unstructured, error) { +func ClusterOperations(manifest string, requestType string, namespace string) (*unstructured.Unstructured, error) { // Converting JSON to YAML and store it in yamlStr variable yamlStr, err := yaml_converter.JSONToYAML([]byte(manifest)) @@ -171,7 +172,7 @@ func ClusterOperations(manifest string, requestType string) (*unstructured.Unstr // Obtain REST interface for the GVR if mapping.Scope.Name() == meta.RESTScopeNameNamespace { // namespaced resources should specify the namespace - dr = dynamicClient.Resource(mapping.Resource).Namespace("litmus") + dr = dynamicClient.Resource(mapping.Resource).Namespace(namespace) } else { // for cluster-wide resources dr = dynamicClient.Resource(mapping.Resource) diff --git a/litmus-portal/cluster-agents/subscriber/pkg/types/connect.go b/litmus-portal/cluster-agents/subscriber/pkg/types/connect.go index 906f1c275b3..8037a26f4b8 100644 --- a/litmus-portal/cluster-agents/subscriber/pkg/types/connect.go +++ b/litmus-portal/cluster-agents/subscriber/pkg/types/connect.go @@ -38,4 +38,5 @@ type Action struct { K8SManifest string `json:"k8s_manifest"` ExternalData interface{} `json:"external_data"` RequestType string `json:"request_type"` + Namespace string `json:"namespace"` } diff --git a/litmus-portal/k8s-manifest.yml b/litmus-portal/cluster-k8s-manifest.yml similarity index 51% rename from litmus-portal/k8s-manifest.yml rename to litmus-portal/cluster-k8s-manifest.yml index c1896f32604..cb3c0f37919 100644 --- a/litmus-portal/k8s-manifest.yml +++ b/litmus-portal/cluster-k8s-manifest.yml @@ -4,6 +4,17 @@ kind: Namespace metadata: name: litmus --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmus-portal-admin-config + namespace: litmus +data: + AgentScope: cluster + AgentNamespace: litmus + DataBaseServer: "mongodb://mongo-service:27017" + JWTSecret: "litmus-portal@123" +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -26,7 +37,7 @@ spec: image: litmuschaos/litmusportal-frontend:ci imagePullPolicy: Always ports: - - containerPort: 80 + - containerPort: 80 --- apiVersion: v1 kind: Service @@ -42,6 +53,82 @@ spec: selector: component: litmusportal-frontend --- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: self-deployer-admin-account + namespace: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: deployer-admin + namespace: litmus + labels: + name: deployer-admin +rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: deployer-admin-rb + namespace: litmus +subjects: + - kind: ServiceAccount + name: self-deployer-admin-account + namespace: litmus +roleRef: + kind: ClusterRole + name: deployer-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: litmus-server-account + namespace: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: litmus-server + namespace: litmus + labels: + name: litmus-server +rules: + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - patch + - update + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: litmus-server-rb + namespace: litmus +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +roleRef: + kind: ClusterRole + name: litmus-server + apiGroup: rbac.authorization.k8s.io +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -64,41 +151,67 @@ spec: image: litmuschaos/litmusportal-server:ci env: - name: DB_SERVER - value: "mongo-service:27017" + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DataBaseServer - name: JWT_SECRET - value: "litmus-portal@123" - - name: EXTERNAL_ADDRESS - value: "" + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: JWTSecret - name: SERVICE_ADDRESS value: "http://litmusportal-server-service:9002" - name: SELF_CLUSTER value: "true" + - name: AGENT_SCOPE + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: AgentScope + - name: AGENT_NAMESPACE + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: AgentNamespace - name: SUBSCRIBER_IMAGE value: "litmuschaos/litmusportal-subscriber:ci" - - name: SUBSCRIBER_NAMESPACE - value: "litmus" - name: DEPLOYER_IMAGE value: "litmuschaos/litmusportal-self-deployer:ci" - - name: DEPLOYER_NAMESPACE - value: "litmus" + - name: ARGO_SERVER_IMAGE + value: "argoproj/argocli:v2.9.3" + - name: ARGO_WORKFLOW_CONTROLLER_IMAGE + value: "argoproj/workflow-controller:v2.9.3" + - name: ARGO_WORKFLOW_EXECUTOR_IMAGE + value: "argoproj/argoexec:v2.9.3" + - name: LITMUS_CHAOS_OPERATOR_IMAGE + value: "litmuschaos/chaos-operator:1.8.2" + - name: LITMUS_CHAOS_RUNNER_IMAGE + value: "litmuschaos/chaos-runner:1.8.2" ports: - - containerPort: 8080 + - containerPort: 8080 imagePullPolicy: Always - name: auth-server image: litmuschaos/litmusportal-auth-server:ci env: - name: DB_SERVER - value: "mongodb://mongo-service:27017" + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DataBaseServer - name: JWT_SECRET - value: "litmus-portal@123" + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: JWTSecret - name: ADMIN_USERNAME value: "admin" - name: ADMIN_PASSWORD value: "litmus" ports: - - containerPort: 3000 + - containerPort: 3000 imagePullPolicy: Always - serviceAccountName: litmus-svc-account + serviceAccountName: litmus-server-account --- apiVersion: v1 kind: Service @@ -111,7 +224,6 @@ spec: - name: graphql-server port: 9002 targetPort: 8080 - nodePort: 31000 - name: auth-server port: 9003 targetPort: 3000 @@ -136,14 +248,14 @@ spec: component: database spec: containers: - - name: mongo - image: mongo:4.2.8 - ports: - - containerPort: 27017 - imagePullPolicy: Always - volumeMounts: - - name: mongo-persistent-storage - mountPath: /data/db + - name: mongo + image: mongo:4.2.8 + ports: + - containerPort: 27017 + imagePullPolicy: Always + volumeMounts: + - name: mongo-persistent-storage + mountPath: /data/db volumes: - name: mongo-persistent-storage persistentVolumeClaim: @@ -176,23 +288,3 @@ spec: targetPort: 27017 selector: component: database ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: litmus-svc-account - namespace: litmus ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: litmus-rb - namespace: litmus -subjects: - - kind: ServiceAccount - name: litmus-svc-account - namespace: litmus -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io diff --git a/litmus-portal/frontend/.stignore b/litmus-portal/frontend/.stignore new file mode 100644 index 00000000000..326b3995379 --- /dev/null +++ b/litmus-portal/frontend/.stignore @@ -0,0 +1,56 @@ +.git +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Bower dependency directory (https://bower.io/) +bower_components + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (https://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules +jspm_packages + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + +# parcel-bundler cache (https://parceljs.org/) +.cache + +# next.js build output +.next + +# nuxt.js build output +.nuxt + +# vuepress build output +.vuepress/dist + +# Serverless directories +.serverless + diff --git a/litmus-portal/frontend/okteto.yml b/litmus-portal/frontend/okteto.yml new file mode 100644 index 00000000000..6aeb30e8bf5 --- /dev/null +++ b/litmus-portal/frontend/okteto.yml @@ -0,0 +1,20 @@ +name: litmusportal-frontend +labels: + component: litmusportal-frontend +image: okteto/node:12 +environment: + - CI=true + - CYPRESS_INSTALL_BINARY=0 + - PORT=80 +command: + - bash +sync: + - .:/usr/src/app +forward: + - 80:80 +resources: + limits: + cpu: "1" + memory: 2Gi +persistentVolume: + enabled: true diff --git a/litmus-portal/frontend/package-lock.json b/litmus-portal/frontend/package-lock.json index eb16f118552..9ea9e09ed74 100644 --- a/litmus-portal/frontend/package-lock.json +++ b/litmus-portal/frontend/package-lock.json @@ -22914,4 +22914,4 @@ } } } -} +} \ No newline at end of file diff --git a/litmus-portal/graphql-server/manifests/subscriber.yml b/litmus-portal/graphql-server/manifests/cluster-subscriber.yml similarity index 84% rename from litmus-portal/graphql-server/manifests/subscriber.yml rename to litmus-portal/graphql-server/manifests/cluster-subscriber.yml index 1d7e4595527..a218842fffa 100644 --- a/litmus-portal/graphql-server/manifests/subscriber.yml +++ b/litmus-portal/graphql-server/manifests/cluster-subscriber.yml @@ -1,9 +1,9 @@ +# This is an auto-generated file. DO NOT EDIT apiVersion: v1 kind: Namespace metadata: - name: argo + name: #{AGENT-NAMESPACE} --- -# This is an auto-generated file. DO NOT EDIT apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -76,26 +76,13 @@ apiVersion: v1 kind: ServiceAccount metadata: name: argo - namespace: argo + namespace: #{AGENT-NAMESPACE} --- apiVersion: v1 kind: ServiceAccount metadata: name: argo-server - namespace: argo ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-role - namespace: argo -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get + namespace: #{AGENT-NAMESPACE} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -315,19 +302,6 @@ rules: - delete --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-binding - namespace: argo -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-role -subjects: - - kind: ServiceAccount - name: argo ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: argo-binding @@ -338,7 +312,7 @@ roleRef: subjects: - kind: ServiceAccount name: argo - namespace: argo + namespace: #{AGENT-NAMESPACE} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -351,19 +325,24 @@ roleRef: subjects: - kind: ServiceAccount name: argo-server - namespace: argo + namespace: #{AGENT-NAMESPACE} --- apiVersion: v1 kind: ConfigMap metadata: name: workflow-controller-configmap - namespace: argo + namespace: #{AGENT-NAMESPACE} +data: + config: | + containerRuntimeExecutor: k8sapi + executor: + imagePullPolicy: IfNotPresent --- apiVersion: v1 kind: Service metadata: name: argo-server - namespace: argo + namespace: #{AGENT-NAMESPACE} spec: ports: - name: web @@ -376,7 +355,7 @@ apiVersion: v1 kind: Service metadata: name: workflow-controller-metrics - namespace: argo + namespace: #{AGENT-NAMESPACE} spec: ports: - name: metrics @@ -390,7 +369,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: argo-server - namespace: argo + namespace: #{AGENT-NAMESPACE} spec: selector: matchLabels: @@ -403,7 +382,7 @@ spec: containers: - args: - server - image: argoproj/argocli:v2.9.3 + image: #{ARGO-SERVER} name: argo-server ports: - containerPort: 2746 @@ -423,7 +402,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: workflow-controller - namespace: argo + namespace: #{AGENT-NAMESPACE} spec: selector: matchLabels: @@ -438,62 +417,84 @@ spec: - --configmap - workflow-controller-configmap - --executor-image - - argoproj/argoexec:v2.9.3 + - #{ARGO-WORKFLOW-EXECUTOR} command: - workflow-controller - image: argoproj/workflow-controller:v2.9.3 + image: #{ARGO-WORKFLOW-CONTROLLER} name: workflow-controller nodeSelector: kubernetes.io/os: linux serviceAccountName: argo --- apiVersion: v1 -kind: Namespace -metadata: - name: litmus ---- -apiVersion: v1 kind: ServiceAccount metadata: - name: litmus - namespace: litmus + name: litmus-cluster-scope + namespace: #{AGENT-NAMESPACE} labels: - name: litmus + name: litmus-cluster-scope --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: litmus + name: litmus-cluster-scope labels: - name: litmus + name: litmus-cluster-scope rules: - - apiGroups: ["","apps","batch","litmuschaos.io","apps.openshift.io"] - resources: ["pods","jobs","deployments","replicationcontrollers","daemonsets","replicasets","statefulsets","deploymentconfigs","events","configmaps","services","secrets","chaosengines","chaosexperiments","chaosresults"] - verbs: ["get","create","update","patch","delete","list","watch","deletecollection"] + - apiGroups: ["", "apps", "batch", "litmuschaos.io", "apps.openshift.io"] + resources: + [ + "pods", + "jobs", + "deployments", + "replicationcontrollers", + "daemonsets", + "replicasets", + "statefulsets", + "deploymentconfigs", + "events", + "configmaps", + "services", + "secrets", + "chaosengines", + "chaosexperiments", + "chaosresults", + ] + verbs: + [ + "get", + "create", + "update", + "patch", + "delete", + "list", + "watch", + "deletecollection", + ] - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations"] - verbs: ["get","create","list","delete","update"] + verbs: ["get", "create", "list", "delete", "update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: litmus + name: litmus-cluster-scope labels: - name: litmus + name: litmus-cluster-scope roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: litmus + name: litmus-cluster-scope subjects: - kind: ServiceAccount - name: litmus - namespace: litmus + name: litmus-cluster-scope + namespace: #{AGENT-NAMESPACE} --- apiVersion: apps/v1 kind: Deployment metadata: name: chaos-operator-ce - namespace: litmus + namespace: #{AGENT-NAMESPACE} spec: replicas: 1 selector: @@ -504,16 +505,16 @@ spec: labels: name: chaos-operator spec: - serviceAccountName: litmus + serviceAccountName: litmus-cluster-scope containers: - name: chaos-operator - image: litmuschaos/chaos-operator:1.7.0 + image: #{LITMUS-CHAOS-OPERATOR} command: - chaos-operator imagePullPolicy: Always env: - name: CHAOS_RUNNER_IMAGE - value: "litmuschaos/chaos-runner:1.7.0" + value: #{LITMUS-CHAOS-RUNNER} - name: WATCH_NAMESPACE value: "" - name: POD_NAME @@ -539,14 +540,16 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: + "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this + description: + "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" type: string metadata: type: object @@ -761,7 +764,6 @@ spec: minLength: 1 allowEmptyValue: false - status: type: object version: v1alpha1 @@ -788,14 +790,16 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: + "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this + description: + "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" type: string metadata: type: object @@ -936,14 +940,16 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: + "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this + description: + "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" type: string metadata: type: object @@ -961,7 +967,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: litmus-admin - namespace: litmus + namespace: #{AGENT-NAMESPACE} labels: name: litmus-admin --- @@ -973,12 +979,44 @@ metadata: labels: name: litmus-admin rules: - - apiGroups: ["","apps","batch","extensions","litmuschaos.io","openebs.io","storage.k8s.io"] - resources: ["chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","configmaps","secrets","pods","pods/exec","pods/log","pods/eviction","jobs","replicasets","deployments","daemonsets","statefulsets","persistentvolumeclaims","persistentvolumes","storageclasses","services","events"] - verbs: ["create","delete","get","list","patch","update"] + - apiGroups: + [ + "", + "apps", + "batch", + "extensions", + "litmuschaos.io", + "openebs.io", + "storage.k8s.io", + ] + resources: + [ + "chaosengines", + "chaosexperiments", + "chaosresults", + "cstorpools", + "cstorvolumereplicas", + "configmaps", + "secrets", + "pods", + "pods/exec", + "pods/log", + "pods/eviction", + "jobs", + "replicasets", + "deployments", + "daemonsets", + "statefulsets", + "persistentvolumeclaims", + "persistentvolumes", + "storageclasses", + "services", + "events", + ] + verbs: ["create", "delete", "get", "list", "patch", "update"] - apiGroups: [""] resources: ["nodes"] - verbs: ["get","list","patch","update"] + verbs: ["get", "list", "patch", "update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -993,7 +1031,7 @@ roleRef: subjects: - kind: ServiceAccount name: litmus-admin - namespace: litmus + namespace: #{AGENT-NAMESPACE} --- apiVersion: v1 kind: ServiceAccount @@ -1006,11 +1044,11 @@ metadata: name: chaos-cluster-role rules: - apiGroups: - - '*' + - "*" resources: - - '*' + - "*" verbs: - - '*' + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -1023,13 +1061,64 @@ roleRef: subjects: - kind: ServiceAccount name: argo-chaos - namespace: litmus + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: subscriber-service-account + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: subscriber-cluster + namespace: #{AGENT-NAMESPACE} + labels: + name: subscriber-cluster +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - create + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: subscriber-cluster-rb + namespace: #{AGENT-NAMESPACE} +subjects: + - kind: ServiceAccount + name: subscriber-service-account + namespace: #{AGENT-NAMESPACE} +roleRef: + kind: ClusterRole + name: subscriber-cluster + apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: name: subscriber - namespace: #{SUB-NAMESPACE} + namespace: #{AGENT-NAMESPACE} labels: app: subscriber spec: @@ -1041,14 +1130,21 @@ spec: labels: app: subscriber spec: - serviceAccountName: litmus-svc-account + serviceAccountName: subscriber-service-account containers: - name: subscriber image: #{SUB-IMAGE} + imagePullPolicy: Always env: - name: GQL_SERVER value: #{SERVER} - name: CID value: #{CID} - name: KEY - value: #{KEY} \ No newline at end of file + value: #{KEY} + - name: AGENT_SCOPE + value: #{AGENT-SCOPE} + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace diff --git a/litmus-portal/graphql-server/manifests/namespace-subscriber.yml b/litmus-portal/graphql-server/manifests/namespace-subscriber.yml new file mode 100644 index 00000000000..0e3fceb4ea4 --- /dev/null +++ b/litmus-portal/graphql-server/manifests/namespace-subscriber.yml @@ -0,0 +1,674 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-server + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: argo-aggregate-to-admin + namespace: #{AGENT-NAMESPACE} +rules: + - apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: argo-aggregate-to-edit + namespace: #{AGENT-NAMESPACE} +rules: + - apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: argo-aggregate-to-view + namespace: #{AGENT-NAMESPACE} +rules: + - apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role + namespace: #{AGENT-NAMESPACE} +rules: + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create + - apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "policy" + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-server-role + namespace: #{AGENT-NAMESPACE} +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - watch + - create + - patch + - apiGroups: + - "" + resources: + - secrets + - serviceaccounts + verbs: + - get + - apiGroups: + - argoproj.io + resources: + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding + namespace: #{AGENT-NAMESPACE} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: + - kind: ServiceAccount + name: argo + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-server-binding + namespace: #{AGENT-NAMESPACE} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-server-role +subjects: + - kind: ServiceAccount + name: argo-server + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap + namespace: #{AGENT-NAMESPACE} +data: + config: | + containerRuntimeExecutor: k8sapi + executor: + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 0.15 + memory: 512Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: argo-server + namespace: #{AGENT-NAMESPACE} +spec: + ports: + - name: web + port: 2746 + targetPort: 2746 + selector: + app: argo-server +--- +apiVersion: v1 +kind: Service +metadata: + name: workflow-controller-metrics + namespace: #{AGENT-NAMESPACE} +spec: + ports: + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: workflow-controller +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argo-server + namespace: #{AGENT-NAMESPACE} +spec: + selector: + matchLabels: + app: argo-server + template: + metadata: + labels: + app: argo-server + spec: + containers: + - args: + - server + - --namespaced + image: #{ARGO-SERVER} + name: argo-server + resources: + limits: + cpu: 150m + memory: 250Mi + ports: + - containerPort: 2746 + name: web + readinessProbe: + httpGet: + path: / + port: 2746 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 20 + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argo-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workflow-controller + namespace: #{AGENT-NAMESPACE} +spec: + selector: + matchLabels: + app: workflow-controller + template: + metadata: + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - #{ARGO-WORKFLOW-EXECUTOR} + - --namespaced + command: + - workflow-controller + image: #{ARGO-WORKFLOW-CONTROLLER} + name: workflow-controller + resources: + limits: + cpu: 150m + memory: 250Mi + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argo +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: subscriber-service-account + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: subscriber-namespace + namespace: #{AGENT-NAMESPACE} + labels: + name: subscriber-namespace +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + verbs: + - create + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: subscriber-namespace-rb + namespace: #{AGENT-NAMESPACE} +subjects: + - kind: ServiceAccount + name: subscriber-service-account + namespace: #{AGENT-NAMESPACE} +roleRef: + kind: Role + name: subscriber-namespace + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: subscriber + namespace: #{AGENT-NAMESPACE} + labels: + app: subscriber +spec: + selector: + matchLabels: + app: subscriber + template: + metadata: + labels: + app: subscriber + spec: + serviceAccountName: subscriber-service-account + containers: + - name: subscriber + image: #{SUB-IMAGE} + resources: + limits: + cpu: 200m + memory: 500Mi + imagePullPolicy: Always + env: + - name: GQL_SERVER + value: #{SERVER} + - name: CID + value: #{CID} + - name: KEY + value: #{KEY} + - name: AGENT_SCOPE + value: #{AGENT-SCOPE} + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: litmus-namespace-scope + namespace: #{AGENT-NAMESPACE} + labels: + name: litmus-namespace-scope +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: litmus-namespace-scope + namespace: #{AGENT-NAMESPACE} + labels: + name: litmus-namespace-scope +rules: + - apiGroups: ["", "apps", "batch", "extensions", "litmuschaos.io"] + resources: + [ + "pods", + "pods/exec", + "pods/log", + "pods/eviction", + "jobs", + "deployments", + "daemonsets", + "replicasets", + "statefulsets", + "events", + "configmaps", + "services", + "chaosengines", + "chaosexperiments", + "chaosresults", + ] + verbs: + [ + "get", + "create", + "update", + "patch", + "delete", + "list", + "watch", + "deletecollection", + ] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: litmus-namespace-scope + namespace: #{AGENT-NAMESPACE} + labels: + name: litmus-namespace-scope +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: litmus-namespace-scope +subjects: + - kind: ServiceAccount + name: litmus-namespace-scope + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: chaos-operator-ce + namespace: #{AGENT-NAMESPACE} +spec: + replicas: 1 + selector: + matchLabels: + name: chaos-operator + template: + metadata: + labels: + name: chaos-operator + spec: + serviceAccountName: litmus-namespace-scope + containers: + - name: chaos-operator + image: #{LITMUS-CHAOS-OPERATOR} + resources: + limits: + cpu: 150m + memory: 250Mi + command: + - chaos-operator + imagePullPolicy: Always + env: + - name: CHAOS_RUNNER_IMAGE + value: #{LITMUS-CHAOS-RUNNER} + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "chaos-operator" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: litmus-namespace-admin + namespace: #{AGENT-NAMESPACE} + labels: + name: litmus-namespace-admin +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: litmus-namespace-admin + namespace: #{AGENT-NAMESPACE} + labels: + name: litmus-namespace-admin +rules: + - apiGroups: ["", "apps", "batch", "extensions", "litmuschaos.io"] + resources: + [ + "pods", + "pods/exec", + "pods/log", + "pods/eviction", + "jobs", + "deployments", + "daemonsets", + "statefulsets", + "events", + "configmaps", + "services", + "chaosengines", + "chaosexperiments", + "chaosresults", + ] + verbs: + [ + "get", + "create", + "update", + "patch", + "delete", + "list", + "watch", + "deletecollection", + ] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: litmus-namespace-admin + namespace: #{AGENT-NAMESPACE} + labels: + name: litmus-namespace-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: litmus-namespace-admin +subjects: + - kind: ServiceAccount + name: litmus-namespace-admin + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-chaos + namespace: #{AGENT-NAMESPACE} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chaos-role + namespace: #{AGENT-NAMESPACE} +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: chaos-role-binding + namespace: #{AGENT-NAMESPACE} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chaos-role +subjects: + - kind: ServiceAccount + name: argo-chaos + namespace: #{AGENT-NAMESPACE} diff --git a/litmus-portal/graphql-server/pkg/database/mongodb/init.go b/litmus-portal/graphql-server/pkg/database/mongodb/init.go index 95e0448bca9..ac63d732dab 100644 --- a/litmus-portal/graphql-server/pkg/database/mongodb/init.go +++ b/litmus-portal/graphql-server/pkg/database/mongodb/init.go @@ -76,7 +76,7 @@ func init() { if dbServer == "" { log.Fatal("Environment Variable DB_SERVER is not present") } - clientOptions := options.Client().ApplyURI("mongodb://" + dbServer) + clientOptions := options.Client().ApplyURI(dbServer) client, err := mongo.Connect(backgroundContext, clientOptions) if err != nil { log.Fatal(err) diff --git a/litmus-portal/graphql-server/pkg/file_handlers/file_handlers.go b/litmus-portal/graphql-server/pkg/file_handlers/file_handlers.go index 8b190164ee2..cfd012f2e19 100644 --- a/litmus-portal/graphql-server/pkg/file_handlers/file_handlers.go +++ b/litmus-portal/graphql-server/pkg/file_handlers/file_handlers.go @@ -5,19 +5,27 @@ import ( "net/http" "os" - "github.com/litmuschaos/litmus/litmus-portal/graphql-server/utils" - "github.com/gorilla/mux" "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/cluster" database "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/database/mongodb" + "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/types" + "github.com/litmuschaos/litmus/litmus-portal/graphql-server/utils" ) +var subscriberConfiguration = &types.SubscriberConfigurationVars{ + AgentNamespace: os.Getenv("AGENT_NAMESPACE"), + AgentScope: os.Getenv("AGENT_SCOPE"), + GQLServerURI: os.Getenv("SERVICE_ADDRESS") + "/query", + SubscriberImage: os.Getenv("SUBSCRIBER_IMAGE"), + ArgoServerImage: os.Getenv("ARGO_SERVER_IMAGE"), + WorkflowControllerImage: os.Getenv("ARGO_WORKFLOW_CONTROLLER_IMAGE"), + ChaosOperatorImage: os.Getenv("LITMUS_CHAOS_OPERATOR_IMAGE"), + WorkflowExecutorImage: os.Getenv("ARGO_WORKFLOW_EXECUTOR_IMAGE"), + ChaosRunnerImage: os.Getenv("LITMUS_CHAOS_RUNNER_IMAGE"), +} + //FileHandler dynamically generates the manifest file and sends it as a response func FileHandler(w http.ResponseWriter, r *http.Request) { - serviceAddr := os.Getenv("SERVICE_ADDRESS") - subscriberImage := os.Getenv("SUBSCRIBER_IMAGE") - subscriberNS := os.Getenv("DEPLOYER_NAMESPACE") - vars := mux.Vars(r) token := vars["key"] @@ -37,7 +45,14 @@ func FileHandler(w http.ResponseWriter, r *http.Request) { if !reqCluster.IsRegistered { var respData []byte - respData, err = utils.ManifestParser(reqCluster.ClusterID, reqCluster.AccessKey, serviceAddr+"/query", subscriberImage, subscriberNS, "manifests/subscriber.yml") + + if subscriberConfiguration.AgentScope == "cluster" { + respData, err = utils.ManifestParser(reqCluster.ClusterID, reqCluster.AccessKey, "manifests/cluster-subscriber.yml", subscriberConfiguration) + } else if subscriberConfiguration.AgentScope == "namespace" { + respData, err = utils.ManifestParser(reqCluster.ClusterID, reqCluster.AccessKey, "manifests/namespace-subscriber.yml", subscriberConfiguration) + } else { + log.Print("ERROR- AGENT SCOPE NOT SELECTED!") + } if err != nil { log.Print("ERROR", err) diff --git a/litmus-portal/graphql-server/pkg/graphql/subscriptions/subscription.go b/litmus-portal/graphql-server/pkg/graphql/subscriptions/subscription.go index c35556e561b..64e05cb3ef2 100644 --- a/litmus-portal/graphql-server/pkg/graphql/subscriptions/subscription.go +++ b/litmus-portal/graphql-server/pkg/graphql/subscriptions/subscription.go @@ -1,6 +1,8 @@ package subscriptions import ( + "os" + "github.com/google/uuid" "github.com/litmuschaos/litmus/litmus-portal/graphql-server/graph/model" store "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/data-store" @@ -38,7 +40,14 @@ func SendWorkflowEvent(wfRun model.WorkflowRun, r store.StateData) { func SendWorkflowRequest(wfRequest *database.ChaosWorkFlowInput, r store.StateData) { - namespace := "litmus" + namespace := os.Getenv("AGENT_NAMESPACE") + if os.Getenv("AGENT_SCOPE") == "cluster" { + /* + namespace = Obtain from WorkflowManifest or + from frontend as a separate workflowNamespace field under ChaosWorkFlowInput model + for CreateChaosWorkflow mutation to be passed to this function. + */ + } requesttype := "create" newAction := &model.ClusterAction{ ProjectID: wfRequest.ProjectID, diff --git a/litmus-portal/graphql-server/pkg/k8s/cluster.go b/litmus-portal/graphql-server/pkg/k8s/cluster.go index 22e1e07b0fb..8bf832710fb 100644 --- a/litmus-portal/graphql-server/pkg/k8s/cluster.go +++ b/litmus-portal/graphql-server/pkg/k8s/cluster.go @@ -5,18 +5,22 @@ import ( "log" "os" - "k8s.io/client-go/kubernetes" - - "k8s.io/client-go/tools/clientcmd" - appsv1 "k8s.io/api/apps/v1" apiv1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" ) func CreateDeployment(namespace, token string) (*appsv1.Deployment, error) { deployerImage := os.Getenv("DEPLOYER_IMAGE") + subscriberSC := os.Getenv("AGENT_SCOPE") + selfDeployerSvcAccount := "self-deployer-namespace-account" + if subscriberSC == "cluster" { + selfDeployerSvcAccount = "self-deployer-admin-account" + } cfg, err := GetKubeConfig() clientset, err := kubernetes.NewForConfig(cfg) if err != nil { @@ -46,8 +50,14 @@ func CreateDeployment(namespace, token string) (*appsv1.Deployment, error) { Spec: apiv1.PodSpec{ Containers: []apiv1.Container{ { - Name: "deployer", - Image: deployerImage, + Name: "deployer", + Image: deployerImage, + Resources: apiv1.ResourceRequirements{ + Limits: apiv1.ResourceList{ + "cpu": resource.MustParse("100m"), + "memory": resource.MustParse("128Mi"), + }, + }, ImagePullPolicy: "Always", Env: []apiv1.EnvVar{ { @@ -58,10 +68,18 @@ func CreateDeployment(namespace, token string) (*appsv1.Deployment, error) { Name: "TOKEN", Value: token, }, + { + Name: "NAMESPACE", + ValueFrom: &apiv1.EnvVarSource{ + FieldRef: &apiv1.ObjectFieldSelector{ + FieldPath: "metadata.namespace", + }, + }, + }, }, }, }, - ServiceAccountName: "litmus-svc-account", + ServiceAccountName: selfDeployerSvcAccount, }, }, }, diff --git a/litmus-portal/graphql-server/pkg/self-deployer/start.go b/litmus-portal/graphql-server/pkg/self-deployer/start.go index 186deb7be59..2d713fe4478 100644 --- a/litmus-portal/graphql-server/pkg/self-deployer/start.go +++ b/litmus-portal/graphql-server/pkg/self-deployer/start.go @@ -11,12 +11,12 @@ import ( ) // StartDeployer registers a new internal self-cluster and starts the deployer -func StartDeployer(projectId string) { +func StartDeployer(projectID string) { log.Print("STARTING SELF-DEPLOYER") - DEPLOYER_NAMESPACE := os.Getenv("DEPLOYER_NAMESPACE") + DeployerNamespace := os.Getenv("AGENT_NAMESPACE") clusterInput := model.ClusterInput{ - ProjectID: projectId, + ProjectID: projectID, ClusterName: "Self-Cluster", ClusterType: "internal", PlatformName: "others", @@ -25,7 +25,7 @@ func StartDeployer(projectId string) { if err != nil { log.Print("SELF CLUSTER REG FAILED[DB-REG] : ", err) } - response, err := k8s.CreateDeployment(DEPLOYER_NAMESPACE, resp.Token) + response, err := k8s.CreateDeployment(DeployerNamespace, resp.Token) if err != nil { log.Print("SELF CLUSTER REG FAILED[DEPLOY-CREATION] : ", err) } diff --git a/litmus-portal/graphql-server/pkg/types/configurations.go b/litmus-portal/graphql-server/pkg/types/configurations.go new file mode 100644 index 00000000000..a4ac6e38d15 --- /dev/null +++ b/litmus-portal/graphql-server/pkg/types/configurations.go @@ -0,0 +1,14 @@ +package types + +//SubscriberConfigurationVars contains the required configurable parameters for subscriber installation +type SubscriberConfigurationVars struct { + AgentNamespace string + AgentScope string + GQLServerURI string + SubscriberImage string + ArgoServerImage string + WorkflowControllerImage string + ChaosOperatorImage string + WorkflowExecutorImage string + ChaosRunnerImage string +} diff --git a/litmus-portal/graphql-server/utils/misc.go b/litmus-portal/graphql-server/utils/misc.go index 69e28df2352..4963913a6c8 100644 --- a/litmus-portal/graphql-server/utils/misc.go +++ b/litmus-portal/graphql-server/utils/misc.go @@ -6,6 +6,8 @@ import ( "net/http" "os" "strings" + + "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/types" ) //WriteHeaders adds important headers to API responses @@ -26,7 +28,7 @@ func RandomString(n int) string { } //ManifestParser parses manifests yaml and generates dynamic manifest with specified keys -func ManifestParser(id, key, server, subscriberImage, subscriberNS, template string) ([]byte, error) { +func ManifestParser(id, key, template string, subscriberConfig *types.SubscriberConfigurationVars) ([]byte, error) { file, err := os.Open(template) if err != nil { return []byte{}, err @@ -42,11 +44,23 @@ func ManifestParser(id, key, server, subscriberImage, subscriberNS, template str } else if strings.Contains(line, "#{KEY}") { line = strings.Replace(line, "#{KEY}", key, -1) } else if strings.Contains(line, "#{SERVER}") { - line = strings.Replace(line, "#{SERVER}", server, -1) + line = strings.Replace(line, "#{SERVER}", subscriberConfig.GQLServerURI, -1) } else if strings.Contains(line, "#{SUB-IMAGE}") { - line = strings.Replace(line, "#{SUB-IMAGE}", subscriberImage, -1) - } else if strings.Contains(line, "#{SUB-NAMESPACE}") { - line = strings.Replace(line, "#{SUB-NAMESPACE}", subscriberNS, -1) + line = strings.Replace(line, "#{SUB-IMAGE}", subscriberConfig.SubscriberImage, -1) + } else if strings.Contains(line, "#{AGENT-NAMESPACE}") { + line = strings.Replace(line, "#{AGENT-NAMESPACE}", subscriberConfig.AgentNamespace, -1) + } else if strings.Contains(line, "#{AGENT-SCOPE}") { + line = strings.Replace(line, "#{AGENT-SCOPE}", subscriberConfig.AgentScope, -1) + } else if strings.Contains(line, "#{ARGO-SERVER}") { + line = strings.Replace(line, "#{ARGO-SERVER}", subscriberConfig.ArgoServerImage, -1) + } else if strings.Contains(line, "#{ARGO-WORKFLOW-CONTROLLER}") { + line = strings.Replace(line, "#{ARGO-WORKFLOW-CONTROLLER}", subscriberConfig.WorkflowControllerImage, -1) + } else if strings.Contains(line, "#{LITMUS-CHAOS-OPERATOR}") { + line = strings.Replace(line, "#{LITMUS-CHAOS-OPERATOR}", subscriberConfig.ChaosOperatorImage, -1) + } else if strings.Contains(line, "#{ARGO-WORKFLOW-EXECUTOR}") { + line = strings.Replace(line, "#{ARGO-WORKFLOW-EXECUTOR}", subscriberConfig.WorkflowExecutorImage, -1) + } else if strings.Contains(line, "#{LITMUS-CHAOS-RUNNER}") { + line = strings.Replace(line, "#{LITMUS-CHAOS-RUNNER}", subscriberConfig.ChaosRunnerImage, -1) } lines = append(lines, line) } diff --git a/litmus-portal/litmus-portal-crds.yml b/litmus-portal/litmus-portal-crds.yml new file mode 100644 index 00000000000..a5db3d02b22 --- /dev/null +++ b/litmus-portal/litmus-portal-crds.yml @@ -0,0 +1,506 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + scope: Cluster + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + plural: cronworkflows + shortNames: + - cronwf + - cwf + scope: Namespaced + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + additionalPrinterColumns: + - JSONPath: .status.phase + description: Status of the workflow + name: Status + type: string + - JSONPath: .status.startedAt + description: When the workflow was started + format: date-time + name: Age + type: date + group: argoproj.io + names: + kind: Workflow + plural: workflows + shortNames: + - wf + scope: Namespaced + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + plural: workflowtemplates + shortNames: + - wftmpl + scope: Namespaced + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: chaosengines.litmuschaos.io +spec: + group: litmuschaos.io + names: + kind: ChaosEngine + listKind: ChaosEngineList + plural: chaosengines + singular: chaosengine + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + type: object + properties: + monitoring: + type: boolean + jobCleanUpPolicy: + type: string + pattern: ^(delete|retain)$ + # alternate ways to do this in case of complex pattern matches + #oneOf: + # - pattern: '^delete$' + # - pattern: '^retain$' + annotationCheck: + type: string + pattern: ^(true|false)$ + appinfo: + type: object + properties: + appkind: + type: string + pattern: ^(deployment|statefulset|daemonset|deploymentconfig)$ + applabel: + pattern: ([a-z0-9A-Z_\.-/]+)=([a-z0-9A-Z_\.-/_]+) + type: string + appns: + type: string + auxiliaryAppInfo: + type: string + engineState: + type: string + pattern: ^(active|stop|initialized|stopped)$ + chaosServiceAccount: + type: string + components: + type: object + properties: + runner: + type: object + properties: + image: + type: string + type: + type: string + pattern: ^(go)$ + runnerannotation: + type: object + additionalProperties: + type: string + properties: + key: + type: string + minLength: 1 + allowEmptyValue: false + value: + type: string + minLength: 1 + allowEmptyValue: false + experiments: + type: array + items: + type: object + properties: + name: + type: string + spec: + type: object + properties: + k8sProbe: + type: array + items: + type: object + properties: + name: + type: string + inputs: + type: object + properties: + command: + type: object + properties: + group: + type: string + version: + type: string + resource: + type: string + namespace: + type: string + fieldSelector: + type: string + expectedResult: + type: string + runProperties: + type: object + properties: + probeTimeout: + type: integer + interval: + type: integer + retry: + type: integer + mode: + type: string + cmdProbe: + type: array + items: + type: object + properties: + name: + type: string + inputs: + type: object + properties: + command: + type: string + expectedResult: + type: string + source: + type: string + runProperties: + type: object + properties: + probeTimeout: + type: integer + interval: + type: integer + retry: + type: integer + mode: + type: string + httpProbe: + type: array + items: + type: object + properties: + name: + type: string + inputs: + type: object + properties: + url: + type: string + expectedResponseCode: + type: string + runProperties: + type: object + properties: + probeTimeout: + type: integer + interval: + type: integer + retry: + type: integer + mode: + type: string + components: + type: object + properties: + statusCheckTimeouts: + type: object + properties: + delay: + type: integer + timeout: + type: integer + nodeSelector: + type: object + minLength: 1 + experimentImage: + type: string + env: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + configMaps: + type: array + items: + type: object + properties: + name: + type: string + mountPath: + type: string + secrets: + type: array + items: + type: object + properties: + name: + type: string + mountPath: + type: string + experimentannotation: + type: object + additionalProperties: + type: string + properties: + key: + type: string + minLength: 1 + allowEmptyValue: false + value: + type: string + minLength: 1 + allowEmptyValue: false + + status: + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: chaosexperiments.litmuschaos.io +spec: + group: litmuschaos.io + names: + kind: ChaosExperiment + listKind: ChaosExperimentList + plural: chaosexperiments + singular: chaosexperiment + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + type: object + properties: + definition: + type: object + properties: + args: + type: array + items: + type: string + command: + type: array + items: + type: string + env: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + image: + type: string + labels: + type: object + properties: + name: + type: string + scope: + type: string + pattern: ^(Namespaced|Cluster)$ + permissions: + type: array + items: + type: object + minProperties: 3 + required: + - apiGroups + - resources + - verbs + properties: + apiGroups: + type: array + items: + type: string + resources: + type: array + items: + type: string + verbs: + type: array + items: + type: string + resourceNames: + type: array + items: + type: string + nonResourceURLs: + type: array + items: + type: string + configmaps: + type: array + items: + type: object + minProperties: 2 + properties: + name: + type: string + allowEmptyValue: false + minLength: 1 + mountPath: + type: string + allowEmptyValue: false + minLength: 1 + secrets: + type: array + items: + type: object + minProperties: 2 + properties: + name: + type: string + allowEmptyValue: false + minLength: 1 + mountPath: + type: string + allowEmptyValue: false + minLength: 1 + hostFileVolumes: + type: array + items: + type: object + minProperties: 3 + properties: + name: + type: string + allowEmptyValue: false + minLength: 1 + mountPath: + type: string + allowEmptyValue: false + minLength: 1 + nodePath: + type: string + allowEmptyValue: false + minLength: 1 + securityContext: + type: object + hostPID: + type: boolean + status: + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: chaosresults.litmuschaos.io +spec: + group: litmuschaos.io + names: + kind: ChaosResult + listKind: ChaosResultList + plural: chaosresults + singular: chaosresult + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + type: object + status: + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/litmus-portal/namespaced-K8s-template.yml b/litmus-portal/namespaced-K8s-template.yml new file mode 100644 index 00000000000..cf2b4c3c806 --- /dev/null +++ b/litmus-portal/namespaced-K8s-template.yml @@ -0,0 +1,286 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmus-portal-admin-config +data: + AgentScope: namespace + AgentNamespace: ${LITMUS_PORTAL_NAMESPACE} + DataBaseServer: "mongodb://mongo-service:27017" + JWTSecret: "litmus-portal@123" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-frontend + labels: + component: litmusportal-frontend +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-frontend + template: + metadata: + labels: + component: litmusportal-frontend + spec: + containers: + - name: litmusportal-frontend + image: litmuschaos/litmusportal-frontend:ci + resources: + limits: + cpu: 200m + memory: 400Mi + imagePullPolicy: Always + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-frontend-service +spec: + type: NodePort + ports: + - name: http + port: 9091 + targetPort: 80 + selector: + component: litmusportal-frontend +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: self-deployer-namespace-account +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: deployer-namespace + labels: + name: deployer-namespace +rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: deployer-namespace-rb +subjects: + - kind: ServiceAccount + name: self-deployer-namespace-account + namespace: ${LITMUS_PORTAL_NAMESPACE} +roleRef: + kind: Role + name: deployer-namespace + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: litmus-server-account +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: litmus-server + labels: + name: litmus-server +rules: + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - patch + - update + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: litmus-server-rb +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: ${LITMUS_PORTAL_NAMESPACE} +roleRef: + kind: Role + name: litmus-server + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-server + labels: + component: litmusportal-server +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-server + template: + metadata: + labels: + component: litmusportal-server + spec: + containers: + - name: graphql-server + image: litmuschaos/litmusportal-server:ci + resources: + limits: + cpu: 200m + memory: 400Mi + env: + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DataBaseServer + - name: JWT_SECRET + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: JWTSecret + - name: SERVICE_ADDRESS + value: "http://litmusportal-server-service:9002" + - name: SELF_CLUSTER + value: "true" + - name: AGENT_SCOPE + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: AgentScope + - name: AGENT_NAMESPACE + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: AgentNamespace + - name: SUBSCRIBER_IMAGE + value: "litmuschaos/litmusportal-subscriber:ci" + - name: DEPLOYER_IMAGE + value: "litmuschaos/litmusportal-self-deployer:ci" + - name: ARGO_SERVER_IMAGE + value: "argoproj/argocli:v2.9.3" + - name: ARGO_WORKFLOW_CONTROLLER_IMAGE + value: "argoproj/workflow-controller:v2.9.3" + - name: ARGO_WORKFLOW_EXECUTOR_IMAGE + value: "argoproj/argoexec:v2.9.3" + - name: LITMUS_CHAOS_OPERATOR_IMAGE + value: "litmuschaos/chaos-operator:1.8.2" + - name: LITMUS_CHAOS_RUNNER_IMAGE + value: "litmuschaos/chaos-runner:1.8.2" + ports: + - containerPort: 8080 + imagePullPolicy: Always + - name: auth-server + image: litmuschaos/litmusportal-auth-server:ci + resources: + limits: + cpu: 200m + memory: 250Mi + env: + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DataBaseServer + - name: JWT_SECRET + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: JWTSecret + - name: ADMIN_USERNAME + value: "admin" + - name: ADMIN_PASSWORD + value: "litmus" + ports: + - containerPort: 3000 + imagePullPolicy: Always + serviceAccountName: litmus-server-account +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-server-service +spec: + type: NodePort + ports: + - name: graphql-server + port: 9002 + targetPort: 8080 + - name: auth-server + port: 9003 + targetPort: 3000 + selector: + component: litmusportal-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mongo + labels: + app: mongo +spec: + replicas: 1 + selector: + matchLabels: + component: database + template: + metadata: + labels: + component: database + spec: + containers: + - name: mongo + image: mongo:4.2.8 + resources: + limits: + cpu: 200m + memory: 400Mi + ports: + - containerPort: 27017 + imagePullPolicy: Always + volumeMounts: + - name: mongo-persistent-storage + mountPath: /data/db + volumes: + - name: mongo-persistent-storage + persistentVolumeClaim: + claimName: mongo-pv-claim +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mongo-pv-claim + labels: + app: mongo +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: mongo + name: mongo-service +spec: + ports: + - port: 27017 + targetPort: 27017 + selector: + component: database diff --git a/litmus-portal/platforms/okteto/README.md b/litmus-portal/platforms/okteto/README.md new file mode 100644 index 00000000000..590d85b1256 --- /dev/null +++ b/litmus-portal/platforms/okteto/README.md @@ -0,0 +1,134 @@ +# Litmus Portal development environment setup for Okteto cloud + +This directory contains setup guide to start developing Litmus Portal on Okteto cloud. + + +## Prerequisites + +- Install `kubectl` for `kubernetes` from [here](https://kubernetes.io/docs/tasks/tools/install-kubectl) + +- Create an Okteto cloud account and install the Okteto CLI from [here](https://okteto.com) + + For MAC/Linux: + + ```bash + curl https://get.okteto.com -sSfL | sh + ``` + + or + + ```bash + brew install okteto + ``` + + For Windows: + + Download the binary executable from [here](https://downloads.okteto.com/cli/okteto.exe) and add it to your `$PATH` environment variable. + +- Fork the repository [litmuschaos/litmus](https://github.com/litmuschaos/litmus) + +- Create a new branch called `dev` from `master` using GitHub UI. + +- Clone your forked version of [litmuschaos/litmus](https://github.com/litmuschaos/litmus) locally. + + ```bash + git clone https://github.com//litmus.git + ``` + +- Change to `litmus` directory and branch out from `master` to `dev` branch on your fork. + + ```bash + cd litmus + git checkout dev + ``` + + +## Instructions + +-

STEP-1:

Switch to `dev` branch from GitHub UI and click the `Develop on Okteto` button below to deploy litmus-portal on Okteto cloud and start developing. + + [![Develop on Okteto](https://okteto.com/develop-okteto.svg)](https://cloud.okteto.com/deploy) + +-

STEP-2:

Download and export the kubeconfig file from Okteto cloud settings page into `KUBECONFIG` environment variable and Login to Okteto cloud using the CLI. + + ```bash + export KUBECONFIG=$HOME/Downloads/okteto-kube.config:${KUBECONFIG:-$HOME/.kube/config} + okteto login + ``` + +-

STEP-3:

Go to specific component folders i.e. `authentication`, `cluster-agents/subscriber`, `graphql-server`, `tools/self-deployer` or `frontend` of `litmus-portal` folder and then run `okteto up` before manking changes to the code. + + ```bash + cd litmus-portal/frontend + okteto up + ``` + +-

STEP-4:

Start the selected component's service on its container to start developing and get the changes reflected on deployed litmus-portal component which can be accessed from Okteto UI or from `https://-.cloud.okteto.net`. This may take several minutes to start running inside the docker container. Add the given `if block` after changing `` with your GitHub username to `litmus-portal/frontend/src/config/index.ts` file just before the `export default` statement. Then enter username as `admin` and password as `litmus` to login from the UI. + + > ``:litmusportal-frontend app> + ```bash + npm install && npm audit fix && cd src && npm start + ``` + + > Use your IDE or code editor to add the given `if block` after changing `` with your GitHub username to `litmus-portal/frontend/src/config/index.ts` file just before the `export default` statement.
Must be done before login.
+ ```js + if (loc.href.includes('cloud.okteto.net')) { + authURL = + 'https://litmusportal-production-frontend-service-.cloud.okteto.net/auth'; + apiURL = + 'https://litmusportal-production-frontend-service-.cloud.okteto.net/api'; + sockURL = `wss://litmusportal-production-frontend-service-.cloud.okteto.net/ws`; + } + ``` + + > login as default user with username as `admin` and password as `litmus` from the browser via `https://litmusportal-frontend-service-.cloud.okteto.net` replacing `` with your GitHub username. + +-

STEP-5:

Schedule a chaos workflow from frontend selecting `namespaced-scope-chaos` from predefined workflow templates. Also replace the `adminModeNamespace` parameter's value field `litmus` with your GitHub username using the Yaml editor while scheduling. Now, you can start developing. + +-

STEP-6:

After you are done with the code changes, you may stop the development environment using `okteto down` and go to the `litmus-portal/frontend/src/config` directory of the cloned repository on `dev` branch from IDE or code editor and delete the `if block` which was added for okteto dev env setup from `index.ts` file. Then change to the root directory of the cloned repository i.e. `litmus` and push the changes to your fork's `dev` branch. + + > Exit the process and the container. Stop it using the given commands in sequence. + ```bash + exit && exit + okteto down + ``` + + > Go to `litmus-portal/frontend/src/config` directory of the clone from your IDE or code editor and delete the added `if block` for okteto env setup from `index.ts` file. + + > Change to the root directory of the cloned repository i.e. `litmus` and push the changes to your fork's `dev` branch. + ```bash + cd ../.. + git add . + git commit -s -m "Updated frontend component and reverted dev env changes." + git push --set-upstream origin dev + ``` + +-

STEP-7:

Raise a pull request from the `dev` branch in your fork to https://github.com/litmuschaos/litmus using GitHub UI after pushing all the changes. + + +## Debugging + +- Delete all configmaps after cleaning up your Okteto cloud namespace or deleting Litmus Portal components. + + ```bash + kubectl delete cm --all + ``` + +- Export kubeconfig file to `KUBECONFIG` environment variable when `deployment for labels