Features 11017 and 11018: setup of mgmt cluster and git repo
This change incorporates the changes to set up a mgmt cluster for
cloud-native operations in OSM following a GitOps model, which includes
the setup of an internal git repository.
Change-Id: If828d18ad64d852a9a89ec9ba7c2d3a96d281565
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/installers/mgmt-cluster/flux/scripts/add-age-key-to-cluster.sh b/installers/mgmt-cluster/flux/scripts/add-age-key-to-cluster.sh
new file mode 100755
index 0000000..9d5e52b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/add-age-key-to-cluster.sh
@@ -0,0 +1,51 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+AGE_KEY_NAME="$1"
+CLUSTER_DIR="$2"
+
+# Load the contents of both keys
+export PRIVATE_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key")
+export PUBLIC_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub")
+
+# Add the `age` private key to the cluster as secret:
+kubectl delete secret sops-age --namespace=flux-system 2> /dev/null || true
+# cat "${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key" |
+echo "${PRIVATE_KEY}" |
+ kubectl create secret generic sops-age \
+ --namespace=flux-system \
+ --from-file=age.agekey=/dev/stdin
+
+# Create SOPS configuration at the root folder of the management cluster:
+cat <<EOF > "${CLUSTER_DIR}/.sops.yaml"
+creation_rules:
+ - encrypted_regex: ^(data|stringData)$
+ age: ${PUBLIC_KEY}
+ # - path_regex: .*.yaml
+ # encrypted_regex: ^(data|stringData)$
+ # age: ${PUBLIC_KEY}
+EOF
+
+# Add also the public key to the repository so that others who clone the repo can encrypt new files:
+cp "${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub" "${CLUSTER_DIR}/.sops.pub.asc"
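Review bot: The age private key is loaded into an exported variable (`export PRIVATE_KEY=$(<...)`), so it is inherited in the environment of every child process this script starts afterwards (`kubectl`, `cat`, `cp`), which is wider exposure than creating the secret needs. Since the key already sits in a file, `kubectl create secret generic sops-age --namespace=flux-system --from-file=age.agekey="${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key"` would create an equivalent secret without holding the key in a variable at all. `export VAR=$(...)` also hides a failed read from `set -e`, so a missing key file would most likely yield an empty secret rather than an abort. The file is mode 100755 but has no `#!/bin/bash` line although it relies on `$BASH_SOURCE` and `$(<file)`; create-new-cluster-folder-structure.sh has the same omission.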
diff --git a/installers/mgmt-cluster/flux/scripts/clone-relevant-repos.sh b/installers/mgmt-cluster/flux/scripts/clone-relevant-repos.sh
new file mode 100755
index 0000000..93ffad9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/clone-relevant-repos.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+# Creates base dir in case it did not exist
+mkdir -p "${WORK_REPOS_DIR}"
+
+# Clones `fleet-osm` repo
+[[ "${REMOVE_LOCAL_DIR_BEFORE_CLONING}" == "true" ]] && rm -rf "${FLEET_REPO_DIR}"
+git clone ${GITEA_SSH_URL}/${GITEA_STD_USERNAME}/fleet-osm.git "${FLEET_REPO_DIR}"
+
+# Clones `sw-catalogs-osm` repo
+[[ "${REMOVE_LOCAL_DIR_BEFORE_CLONING}" == "true" ]] && rm -rf "${SW_CATALOGS_REPO_DIR}"
+git clone ${GITEA_SSH_URL}/${GITEA_STD_USERNAME}/sw-catalogs-osm.git "${SW_CATALOGS_REPO_DIR}"
+
+# Forces `main` instead of `master` as default branch
+pushd "${FLEET_REPO_DIR}" > /dev/null
+git symbolic-ref HEAD refs/heads/main
+popd > /dev/null
+pushd "${SW_CATALOGS_REPO_DIR}" > /dev/null
+git symbolic-ref HEAD refs/heads/main
+popd > /dev/null
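Review bot: The clone URLs are unquoted (`git clone ${GITEA_SSH_URL}/${GITEA_STD_USERNAME}/fleet-osm.git`, and the same for sw-catalogs-osm), so whitespace or glob characters in either variable split or expand the argument before git sees it; quoting the whole URL, `"${GITEA_SSH_URL}/${GITEA_STD_USERNAME}/fleet-osm.git"`, fixes that. The two `rm -rf` calls act on paths taken straight from the environment and the script does not enable `set -u`, so I would write them as `rm -rf -- "${FLEET_REPO_DIR:?}"` and `rm -rf -- "${SW_CATALOGS_REPO_DIR:?}"` to fail early on an empty value instead of discovering it in the later `git clone`. A short header comment listing the environment variables the script expects (`WORK_REPOS_DIR`, `FLEET_REPO_DIR`, `SW_CATALOGS_REPO_DIR`, `GITEA_SSH_URL`, `GITEA_STD_USERNAME`, `REMOVE_LOCAL_DIR_BEFORE_CLONING`) is missing.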
diff --git a/installers/mgmt-cluster/flux/scripts/create-age-keypair.sh b/installers/mgmt-cluster/flux/scripts/create-age-keypair.sh
new file mode 100755
index 0000000..d3dd9b1
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/create-age-keypair.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+AGE_KEY_NAME="$1"
+
+# Delete the keys in case they existed already
+rm -f "${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key" "${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub"
+
+# Private key
+age-keygen -o "${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key"
+
+# Public key (extracted from comment at private key)
+age-keygen -y "${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key" > "${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub"
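Review bot: The `rm -f` ahead of `age-keygen` silently discards any existing private key with the same name, and every SOPS file already encrypted for that key becomes undecryptable once it is gone. Nothing in the hunk checks whether the key is in use or keeps a copy, so a re-run of the installer is enough to lose it; I would skip generation when the `.key` file already exists, or require an explicit opt-in to rotate. `AGE_KEY_NAME` and `CREDENTIALS_DIR` are also used unchecked, so guards such as `: "${AGE_KEY_NAME:?}"` and `: "${CREDENTIALS_DIR:?}"` before the `rm -f` would stop the script from operating on an unintended path when either is empty.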
diff --git a/installers/mgmt-cluster/flux/scripts/create-new-cluster-folder-structure.sh b/installers/mgmt-cluster/flux/scripts/create-new-cluster-folder-structure.sh
new file mode 100755
index 0000000..9263d74
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/create-new-cluster-folder-structure.sh
@@ -0,0 +1,201 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+
+# Input values
+export CLUSTER_DIR="$1"
+export PROJECT_DIR="$2"
+export PROFILE_NAME="$3"
+export TEMPLATES_DIR="$4"
+export PUBLIC_KEY="$5"
+
+
+# Helper functions to create the profile ConfigMaps
+function safe_name() {
+ echo "$1" | \
+ sed '/\.\// s|./||' | \
+ sed 's|\.|-|g' | \
+ sed 's|/|-|g' | \
+ sed 's|_|-|g' | \
+ sed 's| |-|g'
+}
+
+function create_profile_configmap() {
+ local CONFIGMAP_NAME=$(safe_name "$1")
+ local PROFILE_REPO_URL="$2"
+ local PROFILE_PATH="$3"
+ kubectl create configmap ${CONFIGMAP_NAME} \
+ --namespace flux-system \
+ --from-literal=repo="${PROFILE_REPO_URL}" \
+ --from-literal=path="${PROFILE_PATH}" \
+ -o yaml \
+ --dry-run=client
+}
+
+# Helper functions to clone secret from one namespace to other
+function clone_secret_to_new_ns_stdout() {
+ local SECRET_NAME="$1"
+ local SOURCE_NS="$2"
+ local DESTINATION_NS="$3"
+
+ kubectl get secret "${SECRET_NAME}" -n "${SOURCE_NS}" -o yaml | \
+ yq 'del(.metadata.uid) | del(.metadata.resourceVersion) | del(.metadata.creationTimestamp)' | \
+ yq ".metadata.namespace = \"${DESTINATION_NS}\""
+}
+
+# Helper function to encrypt secrets from stdin
+function encrypt_secret_from_stdin() {
+ local PUBLIC_KEY="$1"
+
+ # Save secret manifest to temporary file
+ local TMPFILE=$(mktemp /tmp/secret.XXXXXXXXXX.yaml) || exit 1
+ cat > "${TMPFILE}"
+
+ # Encrypt
+ sops \
+ --age=${PUBLIC_KEY} \
+ --encrypt \
+ --encrypted-regex '^(data|stringData)$' \
+ --in-place "${TMPFILE}"
+
+ # Outputs the result and removes the temporary file
+ cat "${TMPFILE}" && rm -f "${TMPFILE}"
+}
+
+# Creates all folders in the profile (as well as env var aliases)
+export ADDON_CTRL_DIR="${PROJECT_DIR}/infra-controller-profiles/${PROFILE_NAME}"
+export ADDON_CONFIG_DIR="${PROJECT_DIR}/infra-config-profiles/${PROFILE_NAME}"
+export RESOURCES_DIR="${PROJECT_DIR}/managed-resources/${PROFILE_NAME}"
+export APPS_DIR="${PROJECT_DIR}/app-profiles/${PROFILE_NAME}"
+mkdir -p "${ADDON_CTRL_DIR}"
+mkdir -p "${ADDON_CONFIG_DIR}"
+mkdir -p "${RESOURCES_DIR}"
+mkdir -p "${APPS_DIR}"
+
+# Copies the templates for cluster setup
+cp "${TEMPLATES_DIR}"/* "${CLUSTER_DIR}/"
+
+# Repo URLs
+export FLEET_REPO_URL="${GITEA_HTTP_URL}/${GITEA_STD_USERNAME}/fleet-osm.git"
+export SW_CATALOGS_REPO_URL="${GITEA_HTTP_URL}/${GITEA_STD_USERNAME}/sw-catalogs-osm.git"
+export INFRA_CONTROLLERS_PATH="./${MGMT_PROJECT_NAME}/infra-controller-profiles/_management"
+export INFRA_CONFIGS_PATH="./${MGMT_PROJECT_NAME}/infra-config-profiles/_management"
+export MANAGED_RESOURCES_PATH="./${MGMT_PROJECT_NAME}/managed-resources/_management"
+export APPS_PATH="./${MGMT_PROJECT_NAME}/app-profiles/_management"
+
+# Render Flux `GitRepository` objects with proper Git URL and relative repo paths
+envsubst < "${TEMPLATES_DIR}/fleet-repo.yaml" > "${CLUSTER_DIR}/fleet-repo.yaml"
+envsubst < "${TEMPLATES_DIR}/sw-catalogs-repo.yaml" > "${CLUSTER_DIR}/sw-catalogs-repo.yaml"
+
+# Secrets to access both Git repos
+# (NOTE: these are the last secrets to be added imperatively)
+kubectl delete secret fleet-repo --namespace flux-system 2> /dev/null || true
+kubectl create secret generic fleet-repo \
+ --namespace flux-system \
+ --from-literal=username="${GITEA_STD_USERNAME}" \
+ --from-literal=password="${GITEA_STD_USER_PASS}"
+
+kubectl delete secret sw-catalogs --namespace flux-system 2> /dev/null || true
+kubectl create secret generic sw-catalogs \
+ --namespace flux-system \
+ --from-literal=username="${GITEA_STD_USERNAME}" \
+ --from-literal=password="${GITEA_STD_USER_PASS}"
+
+# Render Flux `Kustomizations` to sync with default profiles
+envsubst < "${TEMPLATES_DIR}/infra-controllers.yaml" > "${CLUSTER_DIR}/infra-controllers.yaml"
+envsubst < "${TEMPLATES_DIR}/infra-configs.yaml" > "${CLUSTER_DIR}/infra-configs.yaml"
+envsubst < "${TEMPLATES_DIR}/managed-resources.yaml" > "${CLUSTER_DIR}/managed-resources.yaml"
+envsubst < "${TEMPLATES_DIR}/apps.yaml" > "${CLUSTER_DIR}/apps.yaml"
+
+# Create `ConfigMaps` into profiles (and `Namespace` specs when needed) to avoid sync errors
+## Infra controllers ConfigMap
+CONFIGMAP_NAME="infra-controllers"
+PROFILE_REPO_URL="${FLEET_REPO_URL}"
+PROFILE_PATH="${INFRA_CONTROLLERS_PATH}"
+create_profile_configmap \
+ "${CONFIGMAP_NAME}" \
+ "${PROFILE_REPO_URL}" \
+ "${PROFILE_PATH}" \
+ > "${ADDON_CTRL_DIR}/profile-configmap.yaml"
+
+## Infra configurations ConfigMap
+CONFIGMAP_NAME="infra-configs"
+PROFILE_REPO_URL="${FLEET_REPO_URL}"
+PROFILE_PATH="${INFRA_CONFIGS_PATH}"
+create_profile_configmap \
+ "${CONFIGMAP_NAME}" \
+ "${PROFILE_REPO_URL}" \
+ "${PROFILE_PATH}" \
+ > "${ADDON_CONFIG_DIR}/profile-configmap.yaml"
+
+## Managed resources ConfigMap
+CONFIGMAP_NAME="managed-resources"
+PROFILE_REPO_URL="${FLEET_REPO_URL}"
+PROFILE_PATH="${MANAGED_RESOURCES_PATH}"
+create_profile_configmap \
+ "${CONFIGMAP_NAME}" \
+ "${PROFILE_REPO_URL}" \
+ "${PROFILE_PATH}" \
+ > "${RESOURCES_DIR}/profile-configmap.yaml"
+
+## Managed resources namespace
+kubectl create ns ${CONFIGMAP_NAME} \
+ -o yaml \
+ --dry-run=client \
+ > "${RESOURCES_DIR}/namespace.yaml"
+
+### Copy secrets for Git repos from `flux-system` to `managed-resources` namespace
+clone_secret_to_new_ns_stdout \
+ flux-system \
+ flux-system \
+ "${CONFIGMAP_NAME}" | \
+encrypt_secret_from_stdin \
+ "${PUBLIC_KEY}" \
+> "${RESOURCES_DIR}/secret-flux-system.yaml"
+
+clone_secret_to_new_ns_stdout \
+ fleet-repo \
+ flux-system \
+ "${CONFIGMAP_NAME}" | \
+encrypt_secret_from_stdin \
+ "${PUBLIC_KEY}" \
+> "${RESOURCES_DIR}/secret-fleet-repo.yaml"
+
+clone_secret_to_new_ns_stdout \
+ sw-catalogs \
+ flux-system \
+ "${CONFIGMAP_NAME}" | \
+encrypt_secret_from_stdin \
+ "${PUBLIC_KEY}" \
+> "${RESOURCES_DIR}/secret-sw-catalogs.yaml"
+
+## Apps ConfigMap
+CONFIGMAP_NAME="apps"
+PROFILE_REPO_URL="${FLEET_REPO_URL}"
+PROFILE_PATH="${APPS_PATH}"
+create_profile_configmap \
+ "${CONFIGMAP_NAME}" \
+ "${PROFILE_REPO_URL}" \
+ "${PROFILE_PATH}" \
+ > "${APPS_DIR}/profile-configmap.yaml"
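Review bot: `encrypt_secret_from_stdin` writes the cleartext Secret manifest to a file under /tmp and removes it only on its last line, so if `sops` fails the pipeline stage exits under `set -e` and the unencrypted manifest stays on disk. `local TMPFILE=$(mktemp ...) || exit 1` also never fires, because `local` returns success regardless of what `mktemp` did. The rewrite below declares the variable first and removes the file on every path. Separately, the two `kubectl create secret generic` calls pass `--from-literal=password="${GITEA_STD_USER_PASS}"`, which puts the password on the command line where it is visible in the process list; feeding it on stdin with `--from-file=password=/dev/stdin`, as add-age-key-to-cluster.sh does for the age key, avoids that.

```shell
function encrypt_secret_from_stdin() {
  local PUBLIC_KEY="$1"
  local TMPFILE
  local RC=0

  # Declared separately so a mktemp failure is not masked by `local`
  TMPFILE=$(mktemp /tmp/secret.XXXXXXXXXX.yaml) || return 1

  # Chained inside an `||` list so a failing step does not trip `set -e`
  # before the cleartext temporary file has been removed
  {
    cat > "${TMPFILE}" &&
    sops \
      --age="${PUBLIC_KEY}" \
      --encrypt \
      --encrypted-regex '^(data|stringData)$' \
      --in-place "${TMPFILE}" &&
    cat "${TMPFILE}"
  } || RC=$?

  rm -f -- "${TMPFILE}"
  return "${RC}"
}
```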
diff --git a/installers/mgmt-cluster/flux/scripts/helper-functions.rc b/installers/mgmt-cluster/flux/scripts/helper-functions.rc
new file mode 100644
index 0000000..adc326d
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/helper-functions.rc
@@ -0,0 +1,34 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+
+# Helper function to encrypt secrets in-place in manifest file
+function encrypt_secret_inplace() {
+ local FILE="$1"
+ local AGE_KEY_NAME=${AGE_KEY_NAME_MGMT:-"$2"}
+
+ # Load the contents of both keys
+ local PUBLIC_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub")
+ # local PRIVATE_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key")
+
+ sops \
+ --age=${PUBLIC_KEY} \
+ --encrypt \
+ --encrypted-regex '^(data|stringData)$' \
+ --in-place "${FILE}"
+}
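Review bot: `local AGE_KEY_NAME=${AGE_KEY_NAME_MGMT:-"$2"}` lets the environment variable override an explicitly passed second argument, which may be the reverse of what was intended; if the argument should win, `local AGE_KEY_NAME=${2:-${AGE_KEY_NAME_MGMT}}` expresses that. `local PUBLIC_KEY=$(<...)` masks a failed read, so a missing `.pub` file reaches `sops` as an empty `--age=` value instead of stopping here; declaring the variable first and assigning with `PUBLIC_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub") || return 1` would surface it. `--age=${PUBLIC_KEY}` should be quoted as well. The function comment does not say that `CREDENTIALS_DIR` must be set by the caller.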
diff --git a/installers/mgmt-cluster/flux/scripts/library/functions.sh b/installers/mgmt-cluster/flux/scripts/library/functions.sh
new file mode 100755
index 0000000..638a1d2
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/library/functions.sh
@@ -0,0 +1,91 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+RESET='\033[0m'
+
+# Colored messages (blue is the default)
+# Examples:
+# m "hello world"
+# m "hello world" "$GREEN"
+function m() {
+ local COLOR=${2:-$BLUE}
+ echo -e "$COLOR$1$RESET"
+}
+
+function copy_function() {
+ local ORIG_FUNC=$(declare -f $1)
+ local NEWNAME_FUNC="$2${ORIG_FUNC#$1}"
+ eval "$NEWNAME_FUNC"
+}
+
+function replace_text() {
+ local FILE=$1
+ local START=$2
+ local END=$3
+ local NEW=$4
+ local T=$(mktemp)
+ head -n $((START-1)) "$FILE" > "$T"
+ echo "$NEW" >> "$T"
+ tail -n +$((END+1)) "$FILE" >> "$T"
+ mv "$T" "$FILE"
+}
+
+function insert_text() {
+ local FILE=$1
+ local START=$2
+ local NEW=$3
+ local T=$(mktemp)
+ head -n $((START-1)) "$FILE" > "$T"
+ echo "$NEW" >> "$T"
+ tail -n +$START "$FILE" >> "$T"
+ mv "$T" "$FILE"
+}
+
+function remove_text() {
+ local FILE=$1
+ local START=$2
+ local END=$3
+ local T=$(mktemp)
+ head -n $((START-1)) "$FILE" > "$T"
+ tail -n +$((END+1)) "$FILE" >> "$T"
+ mv "$T" "$FILE"
+}
+
+function envsubst_cp() {
+ local FROM_FILE=$1
+ local TO_FILE=$2
+ mkdir --parents "$(dirname "$TO_FILE")"
+ cat "$FROM_FILE" | envsubst > "$TO_FILE"
+}
+
+function envsubst_dir() {
+ local FROM_DIR=$1
+ local TO_DIR=$2
+ rm --recursive --force "$TO_DIR"
+ mkdir --parents "$TO_DIR"
+ pushd "$FROM_DIR" > /dev/null
+ local F
+ find . -type f | while read F; do
+ envsubst_cp "$F" "$TO_DIR/$F"
+ done
+ popd > /dev/null
+}
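Review bot: `copy_function` passes its arguments to `eval` without checking them: when `$1` is not a defined function, `declare -f` prints nothing (the failure is masked by `local`) and `eval` then runs `$2` on its own as a command. A guard such as `declare -F "$1" > /dev/null || return 1` plus `[[ "$2" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || return 1` before the `eval` keeps it to renaming an existing function. In `envsubst_dir`, `rm --recursive --force "$TO_DIR"` would be safer as `rm --recursive --force -- "${TO_DIR:?}"`, and `while read F` should be `while IFS= read -r F` so file names with backslashes or leading spaces survive.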
diff --git a/installers/mgmt-cluster/flux/scripts/library/trap.sh b/installers/mgmt-cluster/flux/scripts/library/trap.sh
new file mode 100755
index 0000000..2a1156d
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/library/trap.sh
@@ -0,0 +1,48 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+function goodbye() {
+ local DURATION=$(date --date=@$(( "$(date +%s)" - "$TRAP_START_TIME" )) --utc +%T)
+ local CODE=$1
+ cd "$TRAP_DIR"
+ if [ "$CODE" == 0 ]; then
+ m "$(realpath --relative-to="$HERE" "$0") succeeded! $DURATION" "$GREEN"
+ elif [ "$CODE" == abort ]; then
+ m "Aborted $(realpath --relative-to="$HERE" "$0")! $DURATION" "$RED"
+ else
+ m "Oh no! $(realpath --relative-to="$HERE" "$0") failed! $DURATION" "$RED"
+ fi
+}
+
+function trap_EXIT() {
+ local ERR=$?
+ goodbye "$ERR"
+ exit "$ERR"
+}
+
+function trap_INT() {
+ goodbye abort
+ trap - EXIT
+ exit 1
+}
+
+TRAP_DIR=$PWD
+TRAP_START_TIME=$(date +%s)
+
+trap trap_INT INT
+
+trap trap_EXIT EXIT
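Review bot: trap.sh has no header comment stating what it needs or does: `goodbye` calls `m` and reads `GREEN`, `RED` and `HERE`, none of which are defined in this file, and sourcing it installs `INT` and `EXIT` traps as a side effect. I would add a short comment at the top such as `# Source after library/functions.sh; requires HERE; installs INT and EXIT traps that print a timed status line`. `trap_INT` also exits with 1, whereas the usual convention for an interrupted script is 130, which callers may rely on to tell an abort from a failure.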
diff --git a/installers/mgmt-cluster/flux/scripts/mgmt-cluster-bootstrap.sh b/installers/mgmt-cluster/flux/scripts/mgmt-cluster-bootstrap.sh
new file mode 100755
index 0000000..9cbda51
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/mgmt-cluster-bootstrap.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+# Bootstrap
+REPO=fleet-osm
+GIT_PATH=./clusters/_management
+GIT_BRANCH=main
+GIT_HTTP_URL=${GITEA_HTTP_URL}/${GITEA_STD_USERNAME}/${REPO}.git
+flux bootstrap git \
+ --url=${GIT_HTTP_URL} \
+ --allow-insecure-http=true \
+ --username=${GITEA_STD_USERNAME} \
+ --password="${GITEA_STD_USER_PASS}" \
+ --token-auth=true \
+ --branch=${GIT_BRANCH} \
+ --path=${GIT_PATH}
+
+# Check if successful
+flux check
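Review bot: `--allow-insecure-http=true` is hard-coded next to `--token-auth=true`, so whenever `GITEA_HTTP_URL` is a plain `http://` address the Gitea username and password are sent unencrypted to the Git server during bootstrap. If that is acceptable only because Gitea is reached over a cluster-internal address, a comment saying so would help; otherwise I would set the flag only when the URL scheme is `http` and prefer an `https` endpoint. The password is also passed as `--password="${GITEA_STD_USER_PASS}"`, which exposes it in the process list; the flux CLI documents reading it from the `GIT_PASSWORD` environment variable instead. `--url=${GIT_HTTP_URL}` and `--username=${GITEA_STD_USERNAME}` should be quoted.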
diff --git a/installers/mgmt-cluster/flux/scripts/watch-mgmt-cluster.sh b/installers/mgmt-cluster/flux/scripts/watch-mgmt-cluster.sh
new file mode 100755
index 0000000..f934ee8
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/watch-mgmt-cluster.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+
+watch "kubectl get managed; kubectl get kustomizations -A; kubectl get helmreleases -A"
diff --git a/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/apps.yaml b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/apps.yaml
new file mode 100644
index 0000000..607b8c9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/apps.yaml
@@ -0,0 +1,41 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+ labels:
+ osm_profile_type: apps
+spec:
+ interval: 10m0s
+ dependsOn:
+ - name: infra-configs
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${APPS_PATH}
+ prune: true
+ wait: true
+ timeout: 5m0s
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
diff --git a/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/fleet-repo.yaml b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/fleet-repo.yaml
new file mode 100644
index 0000000..4f70cd7
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/fleet-repo.yaml
@@ -0,0 +1,30 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: fleet-repo
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: main
+ secretRef:
+ name: fleet-repo
+ url: ${FLEET_REPO_URL}
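Review bot: `url: ${FLEET_REPO_URL}` is rendered from `GITEA_HTTP_URL` while `secretRef` points at a username/password secret, so with a plain `http://` URL those credentials would be presented unencrypted on every `1m0s` poll. A comment above `url:` such as `# Rendered by envsubst from GITEA_HTTP_URL; use https or a cluster-internal address, since the fleet-repo secret is sent as basic auth` would record the constraint. sw-catalogs-repo.yaml has the same pairing.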
diff --git a/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/infra-configs.yaml b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/infra-configs.yaml
new file mode 100644
index 0000000..d2879eb
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/infra-configs.yaml
@@ -0,0 +1,49 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-configs
+ namespace: flux-system
+ labels:
+ osm_profile_type: infra-configs
+spec:
+ dependsOn:
+ - name: infra-controllers
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${INFRA_CONFIGS_PATH}
+ prune: true
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ # patches:
+ # - patch: |
+ # - op: replace
+ # path: /spec/acme/server
+ # value: https://acme-v02.api.letsencrypt.org/directory
+ # target:
+ # kind: ClusterIssuer
+ # name: letsencrypt
diff --git a/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/infra-controllers.yaml b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/infra-controllers.yaml
new file mode 100644
index 0000000..671afc8
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/infra-controllers.yaml
@@ -0,0 +1,40 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-controllers
+ namespace: flux-system
+ labels:
+ osm_profile_type: infra-controllers
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${INFRA_CONTROLLERS_PATH}
+ prune: true
+ wait: true
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
diff --git a/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/kustomization.yaml b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/kustomization.yaml
new file mode 100644
index 0000000..6e3c9af
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/kustomization.yaml
@@ -0,0 +1,36 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Repos
+ - fleet-repo.yaml
+ - sw-catalogs-repo.yaml
+
+ # Base cluster structure (CRDs, operators and their configs)
+ - infra-controllers.yaml
+ - infra-configs.yaml
+
+ # Managed resources
+ - managed-resources.yaml
+
+ # Managed apps
+ - apps.yaml
+
+ # Adds also the `flux-system` folder to preserve bootstrap structure
+ - flux-system
diff --git a/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/managed-resources.yaml b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/managed-resources.yaml
new file mode 100644
index 0000000..2d59cc9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/managed-resources.yaml
@@ -0,0 +1,52 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Namespace
+# apiVersion: v1
+# kind: Namespace
+# metadata:
+# name: managed-resources
+
+---
+# Managed resources
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: managed-resources
+ namespace: flux-system
+ labels:
+ osm_profile_type: managed-resources
+spec:
+ # interval: 10m0s
+ interval: 7m0s
+ dependsOn:
+ - name: infra-configs
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${MANAGED_RESOURCES_PATH}
+ prune: true
+ wait: true
+ # timeout: 5m0s
+ timeout: 7m0s
+ retryInterval: 2m0s
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
diff --git a/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/sw-catalogs-repo.yaml b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/sw-catalogs-repo.yaml
new file mode 100644
index 0000000..75bc138
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/fleet/clusters/_management/sw-catalogs-repo.yaml
@@ -0,0 +1,30 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: sw-catalogs
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: main
+ secretRef:
+ name: sw-catalogs
+ url: ${SW_CATALOGS_REPO_URL}
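Review bot: This GitRepository follows the mutable `main` branch every minute with no `spec.verify`, so whatever lands on that branch is applied without any check on who authored it. The other templates in this commit use this source to create cloud clusters, IAM roles and databases, so push access to the repository amounts to control over those cloud accounts. I would add commit signature verification (`verify:` with `mode: HEAD` and a `secretRef` naming a Secret of trusted public keys, e.g. `name: <trusted-keys-secret>`). At minimum, add a comment that the branch must be protected and that the `sw-catalogs` credential should be read-only.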
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/manifests/bitnamicharts-repo.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/manifests/bitnamicharts-repo.yaml
new file mode 100644
index 0000000..354b837
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/manifests/bitnamicharts-repo.yaml
@@ -0,0 +1,27 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: bitnamicharts
+ namespace: jenkins
+spec:
+ interval: 10m0s
+ type: oci
+ url: oci://registry-1.docker.io/bitnamicharts
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/manifests/jenkins-hr.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/manifests/jenkins-hr.yaml
new file mode 100644
index 0000000..c87a95e
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/manifests/jenkins-hr.yaml
@@ -0,0 +1,37 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: jenkins
+ namespace: jenkins
+spec:
+ chart:
+ spec:
+ chart: jenkins
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: bitnamicharts
+ namespace: jenkins
+ install:
+ createNamespace: true
+ interval: 3m0s
+ targetNamespace: jenkins
+ values: {}
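Review bot: `spec.chart.spec` names the chart `jenkins` but sets no `version`, so Flux installs whatever the newest chart in `oci://registry-1.docker.io/bitnamicharts` is at reconcile time and upgrades on its own when a new one is published. For a CI server pulled from a public registry I would pin it, `version: "<pinned chart version>"`, and bump it by commit. `values: {}` also leaves every chart default in place; a short comment saying which values an operator is expected to set (admin credentials, service exposure) would help. `install.createNamespace: true` duplicates jenkins-ns.yaml, which already creates the namespace.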
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/templates/jenkins-ks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/templates/jenkins-ks.yaml
new file mode 100644
index 0000000..bbf4d7b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/templates/jenkins-ks.yaml
@@ -0,0 +1,31 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: jenkins
+ namespace: jenkins
+spec:
+ interval: 1h0m0s
+ path: ./apps/jenkins/manifests
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
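Review bot: The `sourceRef` at the end of this Kustomization points from namespace `jenkins` to the GitRepository `sw-catalogs` in `flux-system`, and nothing in the template says that cross-namespace references must stay enabled. The same pattern appears in aks01.yaml and azure-mysql01.yaml, which reference it from `managed-resources`. Flux controllers started with `--no-cross-namespace-refs=true` reject such references, so these templates would stop reconciling on a locked-down installation. I would add a comment above `sourceRef`, e.g. `# Cross-namespace reference: requires kustomize-controller to allow cross-namespace refs`.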
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/templates/jenkins-ns.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/templates/jenkins-ns.yaml
new file mode 100644
index 0000000..ca2fff8
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/apps/jenkins/templates/jenkins-ns.yaml
@@ -0,0 +1,24 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ creationTimestamp: null
+ name: jenkins
+spec: {}
+status: {}
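Review bot: `creationTimestamp: null`, `spec: {}` and `status: {}` are leftovers of generated output (it looks like a client-side dry run of a namespace creation) and carry no meaning in a manifest kept in Git. I would reduce the document to `apiVersion`, `kind` and `metadata.name`, and start it with `---` as the sibling manifests do.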
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/aks/manifests/aks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/aks/manifests/aks.yaml
new file mode 100644
index 0000000..b27b714
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/aks/manifests/aks.yaml
@@ -0,0 +1,53 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: containerservice.azure.upbound.io/v1beta1
+kind: KubernetesCluster
+metadata:
+ name: ${cluster_resource_name}
+spec:
+ forProvider:
+ # Force K8s version
+ # kubernetesVersion: 1.26
+ defaultNodePool:
+ - name: default
+ nodeCount: 1
+ # nodeCount: ${node_count}
+ # vmSize: Standard_D2_v2
+ vmSize: ${vm_size}
+ dnsPrefix: pref-${cluster_resource_name}
+ identity:
+ - type: SystemAssigned
+ location: ${cluster_location}
+ resourceGroupName: ${rg_name}
+ # # In case we had created the RG with CrossPlane:
+ # resourceGroupNameSelector:
+ # matchLabels:
+ # testing.upbound.io/example-name: example
+ # tags:
+ # Environment: Production
+ publishConnectionDetailsTo:
+ # name: kubeconfig-myakscluster01
+ name: kubeconfig-${cluster_resource_name}
+ writeConnectionSecretToRef:
+ # name: kubeconfig-myakscluster01
+ name: kubeconfig-${cluster_resource_name}
+ # namespace: crossplane-system
+ namespace: managed-resources
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
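Review bot: `writeConnectionSecretToRef` stores the cluster's kubeconfig as Secret `kubeconfig-${cluster_resource_name}` in `managed-resources`, the same namespace where the cluster and database Kustomizations of this commit are applied, and nothing documents who may read it. Anyone able to read Secrets in that namespace obtains the credentials of every AKS cluster created from this manifest. I would add a comment such as `# Holds the cluster kubeconfig: restrict get/list on Secrets in this namespace`. `publishConnectionDetailsTo` with the same name also looks redundant next to `writeConnectionSecretToRef` and could be dropped unless an external secret store is intended.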
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/aks/templates/aks01.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/aks/templates/aks01.yaml
new file mode 100644
index 0000000..ad3e23d
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/aks/templates/aks01.yaml
@@ -0,0 +1,92 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# TEMPLATE_PARAMETERS:
+# ===================
+#
+# CLUSTER_KUSTOMIZATION_NAME: Name of the Kustomization in the management cluster representing the AKS cluster.
+# - Alternatively, it can be patched at:
+# .metadata.name
+# .metadata.labels.cluster
+# .spec.commonMetadata.labels.cluster
+#
+# PARAMETERS TO PATCH:
+# ===================
+#
+# .spec.postBuild.substitute.providerconfig_name: Name of the Azure ProviderConfig to use to create the AKS cluster.
+# .spec.postBuild.substitute.cluster_name: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
+# .spec.postBuild.substitute.k8s_version: Kubernetes version.
+# .spec.postBuild.substitute.node_count: Number of worker nodes.
+# .spec.postBuild.substitute.vm_size: Flavor of worker node VMs.
+# .spec.postBuild.substitute.cluster_location: Target cluster region.
+# .spec.postBuild.substitute.rg_name: Target Resource Group.
+
+# Cluster resource
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ commonMetadata:
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/aks/manifests
+ prune: true
+ wait: true
+ # force: true
+ patches:
+ - patch: |-
+ apiVersion: containerservice.azure.upbound.io/v1beta1
+ kind: KubernetesCluster
+ metadata:
+ name: ${cluster_resource_name}
+ spec:
+ forProvider:
+ # Comment for latest version (creation only):
+ kubernetesVersion: "${k8s_version}"
+
+ defaultNodePool:
+ - name: default
+ # nodeCount: 1 # Edit to change no. workers
+ nodeCount: ${node_count}
+
+ # Comment for latest version (creation only):
+ orchestratorVersion: "${k8s_version}"
+ vmSize: ${vm_size}
+ # Input parameters
+ postBuild:
+ substitute:
+ providerconfig_name: default
+ cluster_resource_name: ${CLUSTER_KUSTOMIZATION_NAME}
+ cluster_name: myakscluster01
+ k8s_version: "'1.27'"
+ node_count: "1"
+ vm_size: Standard_D2_v2
+ cluster_location: West Europe
+ # AKS only
+ rg_name: CloudNative-OSM
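Review bot: The header documents `.spec.postBuild.substitute.cluster_name` as the cluster's name in the target cloud, but nothing this Kustomization builds reads it. The patch and `aks/manifests/aks.yaml` use only `${cluster_resource_name}` for `metadata.name` and `dnsPrefix`, so `cluster_name: myakscluster01` has no effect. Either wire it in the way eks-cluster.yaml does, with `crossplane.io/external-name: ${cluster_name}` under the KubernetesCluster's `metadata.annotations`, or remove the parameter and its documentation. The header also omits `cluster_resource_name`, which is the value that actually names the resource.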
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/azure-mysql/manifests/dbformysql.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/azure-mysql/manifests/dbformysql.yaml
new file mode 100644
index 0000000..e50d695
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/azure-mysql/manifests/dbformysql.yaml
@@ -0,0 +1,97 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: dbformysql.azure.upbound.io/v1beta1
+kind: Database
+metadata:
+ # annotations:
+ # meta.upbound.io/example-id: dbformysql/v1beta1/database
+ labels:
+ testing.upbound.io/name: ${database_name}
+ name: ${database_name}
+spec:
+ forProvider:
+ charset: utf8
+ collation: utf8_unicode_ci
+ resourceGroupName: ${resource_group}
+ # resourceGroupNameSelector:
+ # matchLabels:
+ # testing.upbound.io/name: ${database_name}
+ serverNameSelector:
+ matchLabels:
+ testing.upbound.io/name: ${database_name}
+
+---
+
+apiVersion: dbformysql.azure.upbound.io/v1beta1
+kind: Server
+metadata:
+ # annotations:
+ # meta.upbound.io/example-id: dbformysql/v1beta1/database
+ labels:
+ testing.upbound.io/name: ${database_name}
+ name: server-${database_name}
+spec:
+ forProvider:
+ administratorLogin: ${admin_user}
+ administratorLoginPasswordSecretRef:
+ key: key
+ name: ${database_secret_name}
+ namespace: ${database_secret_namespace}
+ autoGrowEnabled: true
+ backupRetentionDays: 7
+ geoRedundantBackupEnabled: true
+ infrastructureEncryptionEnabled: true
+ location: ${region}
+ publicNetworkAccessEnabled: false
+ resourceGroupName: ${resource_group}
+ # resourceGroupNameSelector:
+ # matchLabels:
+ # testing.upbound.io/name: ${database_name}
+ # skuName: GP_Gen5_2
+ skuName: ${sku_name:=GP_Gen5_2}
+ sslEnforcementEnabled: true
+ sslMinimalTlsVersionEnforced: TLS1_2
+ # storageMb: 5120
+ storageMb: ${storage_mb:=5120}
+ version: "5.7"
+
+# ---
+
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# name: example-secret
+# namespace: upbound-system
+# type: Opaque
+# stringData:
+# example-key: dGVzdFBhc3N3b3JkITEyMw==
+
+# ---
+
+# apiVersion: azure.upbound.io/v1beta1
+# kind: ResourceGroup
+# metadata:
+# annotations:
+# meta.upbound.io/example-id: dbformysql/v1beta1/database
+# labels:
+# testing.upbound.io/name: ${database_name}
+# name: ${database_name}
+# spec:
+# forProvider:
+# location: West Europe
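Review bot: The commented-out `Secret` example near the end keeps a sample base64 password in the template and does not match what the Server expects. It uses `example-key` under `stringData` in `upbound-system`, while `administratorLoginPasswordSecretRef` reads key `key` from `${database_secret_name}` in `${database_secret_namespace}`. Anyone who uncomments it gets a Secret the Server cannot use and a credential in Git. I would delete the commented block and state the contract instead, e.g. `# Requires Secret ${database_secret_name} in ${database_secret_namespace} with data key "key"; commit it only SOPS-encrypted`. The `testing.upbound.io/name` labels and hard-coded `version: "5.7"` also look inherited from the upstream example, and the version could become a substitution with a default like `skuName`.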
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/azure-mysql/templates/azure-mysql01.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/azure-mysql/templates/azure-mysql01.yaml
new file mode 100644
index 0000000..3150e1b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/azure-mysql/templates/azure-mysql01.yaml
@@ -0,0 +1,47 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Database resource
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: azure-mysql01
+ namespace: managed-resources
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/azure-mysql/resources
+ prune: true
+ wait: true
+
+ # Input parameters
+ postBuild:
+ substitute:
+ database_name: azure-mysql01
+ resource_group: CloudNative-InfraMgmt-CTIO
+ region: West Europe
+ admin_user: MyDemoUser123
+ database_secret_name: database-secret
+ database_secret_namespace: managed-resources
+ # sku_name: GP_Gen5_2
+ # storage_mb: 5120
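Review bot: `path: ./cloud-resources/azure-mysql/resources` does not match where this commit puts the manifests, `cloud-resources/azure-mysql/manifests/dbformysql.yaml`. Unless a `resources` directory is created elsewhere, the Kustomization will fail to build. The AKS template uses `./cloud-resources/aks/manifests`, so I would expect `path: ./cloud-resources/azure-mysql/manifests`. The substitutions `resource_group: CloudNative-InfraMgmt-CTIO` and `admin_user: MyDemoUser123` look environment-specific and should be marked as values to patch, as the header of aks01.yaml does.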
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/eks-cluster.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/eks-cluster.yaml
new file mode 100644
index 0000000..59b0b44
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/eks-cluster.yaml
@@ -0,0 +1,67 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${cluster_resource_name}-cluster
+ annotations:
+ crossplane.io/external-name: ${cluster_name}
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+spec:
+ forProvider:
+ region: ${cluster_location}
+ version: ${k8s_version}
+ roleArnSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ vpcConfig:
+ - endpointPrivateAccess: true
+ endpointPublicAccess: true
+ subnetIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: subnet
+ access: private
+ publishConnectionDetailsTo:
+ name: kubeconfig-${cluster_resource_name}
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: ClusterAuth
+metadata:
+ name: ${cluster_resource_name}-clusterauth
+spec:
+ forProvider:
+ region: ${cluster_location}
+ clusterName: ${cluster_name}
+ writeConnectionSecretToRef:
+ namespace: managed-resources
+ name: kubeconfig-${cluster_resource_name}
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
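Review bot: `endpointPublicAccess: true` in `vpcConfig` is set without `publicAccessCidrs`, which leaves the EKS API endpoint open to any source address by default. Since `endpointPrivateAccess: true` is already set, I would set `endpointPublicAccess: false`. If the management side has to reach the API from outside the VPC, add `publicAccessCidrs` fed from a substitution variable instead, with a comment naming the expected sources. The Cluster's `publishConnectionDetailsTo` and the ClusterAuth's `writeConnectionSecretToRef` also both target `kubeconfig-${cluster_resource_name}`; a comment should say which one is meant to own that Secret.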
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/nodegroup.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/nodegroup.yaml
new file mode 100644
index 0000000..f25f1d9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/nodegroup.yaml
@@ -0,0 +1,55 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: NodeGroup
+metadata:
+ name: ${cluster_resource_name}-nodegroup
+ annotations:
+ crossplane.io/external-name: ${cluster_name}-nodegroup
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ region: ${cluster_location}
+ clusterNameSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ nodeRoleArnSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: ec2
+ subnetIdSelector:
+ matchLabels:
+ type: subnet
+ access: private
+ scalingConfig:
+ - minSize: 1
+ desiredSize: ${node_count}
+ maxSize: 10
+ diskSize: 30
+ instanceTypes:
+ - ${vm_size}
+ tags:
+ Name: ${cluster_name}
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
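Review bot: `subnetIdSelector.matchLabels` here is only `type: subnet` and `access: private`, unlike the selectors in eks-cluster.yaml and gateways.yaml, which also match on `provider` and `cluster`. With two clusters managed from the same management cluster, this node group could resolve to the private subnets of the other cluster. Adding `provider: aws` and `cluster: ${cluster_resource_name}` to the selector would scope it, assuming the subnet manifests (not in this hunk) carry those labels as the other selectors imply. `maxSize: 10` and `diskSize: 30` are fixed in the manifest while `desiredSize` is a parameter; a comment or a substitution with a default would make the limit visible to operators.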
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
new file mode 100644
index 0000000..3e61f81
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
@@ -0,0 +1,136 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: ${cluster_resource_name}-cluster
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
+ roleSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: ${cluster_resource_name}-service
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ policyArn: arn:aws:iam::aws:policy/AmazonEKSServicePolicy
+ roleSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: ${cluster_resource_name}-vpccontroller
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ policyArn: arn:aws:iam::aws:policy/AmazonEKSVPCResourceController
+ roleSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: ${cluster_resource_name}-worker
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+ roleSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: ec2
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: ${cluster_resource_name}-cni
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+ roleSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: ec2
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: ${cluster_resource_name}-registry
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
+ roleSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: ec2
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
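Review bot: The second attachment, `${cluster_resource_name}-service`, grants `AmazonEKSServicePolicy` to the cluster role, which AWS documents as required only for clusters created before April 16, 2020. For clusters created by this template it is permission the role does not need. I would remove that document and keep `AmazonEKSClusterPolicy`, plus `AmazonEKSVPCResourceController` only if the features that rely on it are used. The file would also benefit from a short comment mapping each attachment to the role it targets (`type: cluster` versus `type: ec2`).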
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
new file mode 100644
index 0000000..03ae559
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
@@ -0,0 +1,84 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Role
+metadata:
+ name: ${cluster_resource_name}-eks
+ annotations:
+ crossplane.io/external-name: ${cluster_name}-masterRole
+ labels:
+ provider: aws
+ cluster: eks
+ type: cluster
+spec:
+ forProvider:
+ assumeRolePolicy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": [
+ "eks.amazonaws.com"
+ ]
+ },
+ "Action": [
+ "sts:AssumeRole"
+ ]
+ }
+ ]
+ }
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Role
+metadata:
+ name: ${cluster_resource_name}-ec2
+ annotations:
+ crossplane.io/external-name: ${cluster_name}-nodeRole
+ labels:
+ provider: aws
+ cluster: eks
+ type: ec2
+spec:
+ forProvider:
+ assumeRolePolicy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": [
+ "ec2.amazonaws.com"
+ ]
+ },
+ "Action": [
+ "sts:AssumeRole"
+ ]
+ }
+ ]
+ }
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
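Review bot: Both roles are labelled `cluster: eks`, but every selector that has to find them (`roleArnSelector` in eks-cluster.yaml, `nodeRoleArnSelector` in nodegroup.yaml, `roleSelector` in role-policy-attachment.yaml) matches on `cluster: ${cluster_resource_name}`. As written, resolution works only if the applying Kustomization overrides the label through `commonMetadata`, as aks01.yaml does; the EKS template is not part of this hunk. With a constant label, two EKS clusters would also share selectable roles. I would change both occurrences to `cluster: ${cluster_resource_name}`.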
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml
new file mode 100644
index 0000000..96255f8
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml
@@ -0,0 +1,89 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: EIP
+metadata:
+ name: ${cluster_resource_name}-eip
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: eip
+spec:
+ forProvider:
+ region: ${cluster_location}
+ domain: vpc
+ tags:
+ key: Name
+ value: ${cluster_name}-eip
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: InternetGateway
+metadata:
+ name: ${cluster_resource_name}-igw
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: igw
+spec:
+ forProvider:
+ region: ${cluster_location}
+ vpcIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ tags:
+ Name: ${cluster_name}-igw
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: NATGateway
+metadata:
+ name: ${cluster_resource_name}-natgw
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: natgw
+spec:
+ forProvider:
+ region: ${cluster_location}
+ connectivityType: public
+ allocationIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: eip
+ subnetIdSelector:
+ matchLabels:
+ type: subnet
+ provider: aws
+ cluster: ${cluster_resource_name}
+ zone: ${cluster_location}a
+ access: public
+ tags:
+ Name: ${cluster_name}-natgw
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
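Review bot: The EIP's `tags` block is written as `key: Name` and `value: ${cluster_name}-eip`, which as a map produces two tags named `key` and `value` rather than a `Name` tag. The InternetGateway and NATGateway further down use the map form, so the EIP should read `tags:` followed by `Name: ${cluster_name}-eip`. Separately, the NATGateway selects its subnet with `zone: ${cluster_location}a`, which assumes the region has an `a` zone with a public subnet; a comment stating that assumption would help.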
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml
new file mode 100644
index 0000000..b9d57ba
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml
@@ -0,0 +1,228 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta2
+kind: Route
+metadata:
+ name: ${cluster_resource_name}-public-route
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ region: ${cluster_location}
+ destinationCidrBlock: 0.0.0.0/0
+ gatewayIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: igw
+ routeTableIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: routetable
+ access: public
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta2
+kind: Route
+metadata:
+ name: ${cluster_resource_name}-private-route
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ region: ${cluster_location}
+ destinationCidrBlock: 0.0.0.0/0
+ natGatewayIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: natgw
+ routeTableIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: routetable
+ access: private
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTable
+metadata:
+ name: ${cluster_resource_name}-public-route-table
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: routetable
+ access: public
+spec:
+ forProvider:
+ region: ${cluster_location}
+ vpcIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ tags:
+ Name: ${cluster_name}-public-route-table
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTable
+metadata:
+ name: ${cluster_resource_name}-private-route-table
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: routetable
+ access: private
+spec:
+ forProvider:
+ region: ${cluster_location}
+ vpcIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ tags:
+ Name: ${cluster_name}-private-route-table
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTableAssociation
+metadata:
+ name: ${cluster_resource_name}-public-route-association-1a
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ region: ${cluster_location}
+ subnetIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: subnet
+ access: public
+ zone: ${cluster_location}a
+ routeTableIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: routetable
+ access: public
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTableAssociation
+metadata:
+ name: ${cluster_resource_name}-public-route-association-1b
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ region: ${cluster_location}
+ subnetIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: subnet
+ access: public
+ zone: ${cluster_location}b
+ routeTableIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: routetable
+ access: public
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTableAssociation
+metadata:
+ name: ${cluster_resource_name}-private-route-association-1a
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ region: ${cluster_location}
+ subnetIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: subnet
+ access: private
+ zone: ${cluster_location}a
+ routeTableIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: routetable
+ access: private
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTableAssociation
+metadata:
+ name: ${cluster_resource_name}-private-route-association-1b
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ region: ${cluster_location}
+ subnetIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: subnet
+ access: private
+ zone: ${cluster_location}b
+ routeTableIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: routetable
+ access: private
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
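Review bot: `${cluster_resource_name}-private-route` sends 0.0.0.0/0 from the single private route table to the gateway selected by `type: natgw`, and both private associations (`-1a` and `-1b`) use that table, so egress from zone b depends on the one NAT gateway that the gateways manifest places in the `${cluster_location}a` public subnet. Nothing in the file documents that coupling. I would add a comment above the private Route such as `# Single NAT gateway in zone a serves both private subnets; zone-b egress is lost if zone a fails`, or give each zone its own NAT gateway and private route table if zone independence matters for this deployment.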
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
new file mode 100644
index 0000000..bffbfc3
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
@@ -0,0 +1,130 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+ name: ${cluster_resource_name}-public-subnet-${cluster_location}a
+ labels:
+ type: subnet
+ provider: aws
+ cluster: ${cluster_resource_name}
+ zone: ${cluster_location}a
+ access: public
+spec:
+ forProvider:
+ region: ${cluster_location}
+ availabilityZone: ${cluster_location}a
+ cidrBlock: 10.10.0.0/24
+ vpcIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ mapPublicIpOnLaunch: true
+ tags:
+ kubernetes.io/role/elb: "1"
+ Name: ${cluster_name}-public-subnet-${cluster_location}a
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+ name: ${cluster_resource_name}-public-subnet-${cluster_location}b
+ labels:
+ type: subnet
+ provider: aws
+ cluster: ${cluster_resource_name}
+ zone: ${cluster_location}b
+ access: public
+spec:
+ forProvider:
+ region: ${cluster_location}
+ availabilityZone: ${cluster_location}b
+ cidrBlock: 10.10.1.0/24
+ vpcIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ mapPublicIpOnLaunch: true
+ tags:
+ kubernetes.io/role/elb: "1"
+ Name: ${cluster_name}-public-subnet-${cluster_location}b
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+ name: ${cluster_resource_name}-private-subnet-${cluster_location}a
+ labels:
+ type: subnet
+ provider: aws
+ cluster: ${cluster_resource_name}
+ zone: ${cluster_location}a
+ access: private
+spec:
+ forProvider:
+ region: ${cluster_location}
+ availabilityZone: ${cluster_location}a
+ cidrBlock: 10.10.2.0/24
+ vpcIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ mapPublicIpOnLaunch: false
+ tags:
+ kubernetes.io/role/elb: "1"
+ Name: ${cluster_name}-private-subnet-${cluster_location}a
+ kubernetes.io/cluster/{cluster_name}: shared
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+ name: ${cluster_resource_name}-private-subnet-${cluster_location}b
+ labels:
+ type: subnet
+ provider: aws
+ cluster: ${cluster_resource_name}
+ zone: ${cluster_location}b
+ access: private
+spec:
+ forProvider:
+ region: ${cluster_location}
+ availabilityZone: ${cluster_location}b
+ cidrBlock: 10.10.3.0/24
+ vpcIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ mapPublicIpOnLaunch: false
+ tags:
+ kubernetes.io/role/elb: "1"
+ Name: ${cluster_name}-private-subnet-${cluster_location}b
+ kubernetes.io/cluster/{cluster_name}: shared
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
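Review bot: Both private subnets carry `kubernetes.io/role/elb: "1"`, the tag that marks a subnet as a candidate for internet-facing load balancers; private subnets are conventionally tagged `kubernetes.io/role/internal-elb: "1"`, so as written an internet-facing load balancer may be placed in a subnet that has no route to the internet gateway. The same two resources write the cluster tag as `kubernetes.io/cluster/{cluster_name}: shared`, without the `$`, so the placeholder will most likely not be substituted and the literal text becomes the tag key; it should read `kubernetes.io/cluster/${cluster_name}: shared`. The public subnets have no cluster tag at all, which is worth confirming as intended.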
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
new file mode 100644
index 0000000..b643ba3
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
@@ -0,0 +1,36 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: VPC
+metadata:
+ name: ${cluster_resource_name}-vpc
+ labels:
+ provider: aws
+ cluster: eks
+spec:
+ forProvider:
+ region: ${cluster_location}
+ cidrBlock: 10.10.0.0/16
+ enableDnsHostnames: true
+ enableDnsSupport: true
+ tags:
+ Name: ${cluster_name}-vpc
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
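Review bot: The VPC is labelled `cluster: eks`, while every `vpcIdSelector` in the subnet, gateway and route-table manifests matches on `cluster: ${cluster_resource_name}`. The selectors resolve only if the label is rewritten at apply time, which `spec.commonMetadata.labels.cluster` in the eks01 template probably does; applied any other way they find no VPC. I would write `cluster: ${cluster_resource_name}` here so the manifest is correct on its own and agrees with the other network resources.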
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml
new file mode 100644
index 0000000..0972827
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml
@@ -0,0 +1,71 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# TEMPLATE_PARAMETERS:
+# ===================
+#
+# CLUSTER_KUSTOMIZATION_NAME: Name of the cluster in the management cluster (e.g., for `Kustomization`s).
+# - Alternatively, it can be patched at:
+# .metadata.name
+# .metadata.labels.cluster
+# .spec.commonMetadata.labels.cluster
+# .spec.postBuild.substitute.cluster_resource_name
+#
+# PARAMETERS TO PATCH:
+# ===================
+#
+# .spec.postBuild.substitute.providerconfig_name: Name of the AWS ProviderConfig to use to create the EKS cluster.
+# .spec.postBuild.substitute.cluster_name: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
+# .spec.postBuild.substitute.k8s_version: Kubernetes version.
+# .spec.postBuild.substitute.node_count: Number of worker nodes.
+# .spec.postBuild.substitute.vm_size: Flavor of worker node VMs.
+# .spec.postBuild.substitute.cluster_location: Target cluster region.
+
+# Cluster resource
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ commonMetadata:
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/eks/manifests/
+ prune: true
+ # force: true
+ wait: true
+ # Input parameters
+ postBuild:
+ substitute:
+ providerconfig_name: default
+ cluster_resource_name: ${CLUSTER_KUSTOMIZATION_NAME}
+ cluster_name: ekscluster01
+ k8s_version: "'1.28'"
+ node_count: "1"
+ vm_size: t3.medium
+ cluster_location: ap-south-1
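Review bot: `wait: true` together with `timeout: 5m` makes this Kustomization report a failed health check whenever the managed resources need more than five minutes to become ready, which is likely for an EKS control plane plus node group. It should still converge through `retryInterval: 1m`, but every pass in between is recorded as a failure and hides real errors. I would raise the value, for example `timeout: 30m`, or add a comment stating that the repeated timeouts during first creation are expected.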
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces/namespaces.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces/namespaces.yaml
new file mode 100644
index 0000000..4bd715c
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces/namespaces.yaml
@@ -0,0 +1,31 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Remote namespace `flux-system`
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: flux-system
+
+---
+# Remote namespace `managed-resources`
+# - Required for Helm deployments from management cluster
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: managed-resources
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret/secret-template.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret/secret-template.yaml
new file mode 100644
index 0000000..3a9d7eb
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret/secret-template.yaml
@@ -0,0 +1,26 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Template for creating remote secrets
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+type: Opaque
+stringData: {}
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml
new file mode 100644
index 0000000..d138660
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml
@@ -0,0 +1,265 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# TEMPLATE PARAMETERS:
+# ===================
+#
+# CLUSTER_KUSTOMIZATION_NAME: Name of the cluster in the management cluster (i.e., the `Kustomization`).
+# CLUSTER_NAME: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
+# CLUSTER_AGE_SECRET_NAME: Name of the secret in the management cluster that keeps the private key for age/sops in the remote cluster.
+
+# Creates required remote namespaces
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}
+ prune: true
+ # wait: true
+ # force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces
+ kubeConfig:
+ secretRef:
+ name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
+ key: kubeconfig
+
+---
+# Creates remote `flux-system.flux-system` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
+ key: kubeconfig
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ username: ${username}
+ password: ${password}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: flux-system
+ secret_namespace: flux-system
+ substituteFrom:
+ - kind: Secret
+ name: flux-system
+
+---
+# Creates remote `sops-age` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-sops
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
+ key: kubeconfig
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ age.agekey: ${agekey}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: sops-age
+ secret_namespace: flux-system
+ substituteFrom:
+ - kind: Secret
+ name: ${CLUSTER_AGE_SECRET_NAME}
+
+---
+# Creates remote `fleet-repo.flux-system` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-fleet
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
+ key: kubeconfig
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ username: ${username}
+ password: ${password}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: fleet-repo
+ secret_namespace: flux-system
+ substituteFrom:
+ - kind: Secret
+ name: fleet-repo
+
+---
+# Creates remote `sw-catalogs.flux-system` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-catalogs
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
+ key: kubeconfig
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ username: ${username}
+ password: ${password}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: sw-catalogs
+ secret_namespace: flux-system
+ substituteFrom:
+ - kind: Secret
+ name: sw-catalogs
+
+---
+# Remote installation of Flux controller (to let the cluster be autonomous)
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-fluxctrl
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # Tune interval as needed
+ interval: 10m0s
+ path: ./clusters/${CLUSTER_KUSTOMIZATION_NAME}/flux-system
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
+ # Avoids removing resources unexpectedly
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ kubeConfig:
+ secretRef:
+ name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
+ key: kubeconfig
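Review bot: The `-bstrp-secret-flux`, `-bstrp-secret-fleet` and `-bstrp-secret-catalogs` Kustomizations read `username`/`password` from the management cluster's `flux-system`, `fleet-repo` and `sw-catalogs` secrets through `substituteFrom` and write them unchanged into each remote cluster, so every workload cluster ends up holding the same Git credentials. Whether those credentials are read-only is not visible here; if they can push, a compromise of one remote cluster gives write access to the repositories that drive all the others. I would source per-cluster, read-only tokens, as is already done for the age key through `${CLUSTER_AGE_SECRET_NAME}`, or at least add a comment such as `# Copies the management cluster's Git credentials; must be a read-only token`. Separately, five of the six resources use `kustomize.toolkit.fluxcd.io/v1beta2` while the last one and the other templates in this change use `v1`.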
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/apps.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/apps.yaml
new file mode 100644
index 0000000..607b8c9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/apps.yaml
@@ -0,0 +1,41 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+ labels:
+ osm_profile_type: apps
+spec:
+ interval: 10m0s
+ dependsOn:
+ - name: infra-configs
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${APPS_PATH}
+ prune: true
+ wait: true
+ timeout: 5m0s
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/fleet-repo.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/fleet-repo.yaml
new file mode 100644
index 0000000..4f70cd7
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/fleet-repo.yaml
@@ -0,0 +1,30 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: fleet-repo
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: main
+ secretRef:
+ name: fleet-repo
+ url: ${FLEET_REPO_URL}
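Review bot: The GitRepository tracks `branch: main` with no `spec.verify` block, so whatever commit sits at the branch head is applied by the `apps` Kustomization, which prunes and has the `sops-age` decryption key available. If commits to the fleet repository are or can be signed, I would add `verify` with a `secretRef` to the trusted public keys so that an unsigned or unexpectedly signed push is rejected instead of reconciled. Whether the internal Git server and the automation that writes to it support signing is not shown in this change.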
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/flux-system/gotk-components.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/flux-system/gotk-components.yaml
new file mode 100644
index 0000000..50cc8d3
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/flux-system/gotk-components.yaml
@@ -0,0 +1,8046 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# This manifest was generated by flux. DO NOT EDIT.
+# Flux Version: v2.1.2
+# Components: source-controller,kustomize-controller,helm-controller,notification-controller
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ pod-security.kubernetes.io/warn: restricted
+ pod-security.kubernetes.io/warn-version: latest
+ name: flux-system
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: allow-egress
+ namespace: flux-system
+spec:
+ egress:
+ - {}
+ ingress:
+ - from:
+ - podSelector: {}
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: allow-scraping
+ namespace: flux-system
+spec:
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+ podSelector: {}
+ policyTypes:
+ - Ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: allow-webhooks
+ namespace: flux-system
+spec:
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ app: notification-controller
+ policyTypes:
+ - Ingress
+---
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: critical-pods-flux-system
+ namespace: flux-system
+spec:
+ hard:
+ pods: "1000"
+ scopeSelector:
+ matchExpressions:
+ - operator: In
+ scopeName: PriorityClass
+ values:
+ - system-node-critical
+ - system-cluster-critical
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: crd-controller-flux-system
+rules:
+- apiGroups:
+ - source.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - helm.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - image.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - secrets
+ - configmaps
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ name: flux-edit-flux-system
+rules:
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ - source.toolkit.fluxcd.io
+ - helm.toolkit.fluxcd.io
+ - image.toolkit.fluxcd.io
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ name: flux-view-flux-system
+rules:
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ - source.toolkit.fluxcd.io
+ - helm.toolkit.fluxcd.io
+ - image.toolkit.fluxcd.io
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: cluster-reconciler-flux-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: crd-controller-flux-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: crd-controller-flux-system
+subjects:
+- kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: source-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: notification-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: image-reflector-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: image-automation-controller
+ namespace: flux-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: buckets.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: Bucket
+ listKind: BucketList
+ plural: buckets
+ singular: bucket
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.endpoint
+ name: Endpoint
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Bucket is the Schema for the buckets API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BucketSpec defines the desired state of an S3 compatible
+ bucket
+ properties:
+ accessFrom:
+ description: AccessFrom defines an Access Control List for allowing
+ cross-namespace references to this object.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
+ bucketName:
+ description: The bucket name.
+ type: string
+ endpoint:
+ description: The bucket endpoint address.
+ type: string
+ ignore:
+ description: Ignore overrides the set of excluded patterns in the
+ .sourceignore format (which is the same as .gitignore). If not provided,
+ a default will be used, consult the documentation for your version
+ to find out what those are.
+ type: string
+ insecure:
+ description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
+ type: boolean
+ interval:
+ description: The interval at which to check for bucket updates.
+ type: string
+ provider:
+ default: generic
+ description: The S3 compatible storage provider name, default ('generic').
+ enum:
+ - generic
+ - aws
+ - gcp
+ type: string
+ region:
+ description: The bucket region.
+ type: string
+ secretRef:
+ description: The name of the secret containing authentication credentials
+ for the Bucket.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ timeout:
+ default: 60s
+ description: The timeout for download operations, defaults to 60s.
+ type: string
+ required:
+ - bucketName
+ - endpoint
+ - interval
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: BucketStatus defines the observed state of a bucket
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ Bucket sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA256 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the Bucket.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
+ description: URL is the download link for the artifact output of the
+ last Bucket sync.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .spec.endpoint
+ name: Endpoint
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Bucket is the Schema for the buckets API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BucketSpec specifies the required configuration to produce
+ an Artifact for an object storage bucket.
+ properties:
+ accessFrom:
+ description: 'AccessFrom specifies an Access Control List for allowing
+ cross-namespace references to this object. NOTE: Not implemented,
+ provisional as of https://github.com/fluxcd/flux2/pull/2092'
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
+ bucketName:
+ description: BucketName is the name of the object storage bucket.
+ type: string
+ endpoint:
+ description: Endpoint is the object storage address the BucketName
+ is located at.
+ type: string
+ ignore:
+ description: Ignore overrides the set of excluded patterns in the
+ .sourceignore format (which is the same as .gitignore). If not provided,
+ a default will be used, consult the documentation for your version
+ to find out what those are.
+ type: string
+ insecure:
+ description: Insecure allows connecting to a non-TLS HTTP Endpoint.
+ type: boolean
+ interval:
+ description: Interval at which the Bucket Endpoint is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ provider:
+ default: generic
+ description: Provider of the object storage bucket. Defaults to 'generic',
+ which expects an S3 (API) compatible object storage.
+ enum:
+ - generic
+ - aws
+ - gcp
+ - azure
+ type: string
+ region:
+ description: Region of the Endpoint where the BucketName is located
+ in.
+ type: string
+ secretRef:
+ description: SecretRef specifies the Secret containing authentication
+ credentials for the Bucket.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: Suspend tells the controller to suspend the reconciliation
+ of this Bucket.
+ type: boolean
+ timeout:
+ default: 60s
+ description: Timeout for fetch operations, defaults to 60s.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+ type: string
+ required:
+ - bucketName
+ - endpoint
+ - interval
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: BucketStatus records the observed state of a Bucket.
+ properties:
+ artifact:
+ description: Artifact represents the last successful Bucket reconciliation.
+ properties:
+ digest:
+ description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of the Artifact.
+ format: date-time
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ description: Metadata holds upstream information such as OCI annotations.
+ type: object
+ path:
+ description: Path is the relative file path of the Artifact. It
+ can be used to locate the file in the root of the Artifact storage
+ on the local file system of the controller managing the Source.
+ type: string
+ revision:
+ description: Revision is a human-readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm chart version, etc.
+ type: string
+ size:
+ description: Size is the number of bytes in the file.
+ format: int64
+ type: integer
+ url:
+ description: URL is the HTTP address of the Artifact as exposed
+ by the controller managing the Source. It can be used to retrieve
+ the Artifact for consumption, e.g. by another controller applying
+ the Artifact contents.
+ type: string
+ required:
+ - lastUpdateTime
+ - path
+ - revision
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the Bucket.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation of
+ the Bucket object.
+ format: int64
+ type: integer
+ observedIgnore:
+ description: ObservedIgnore is the observed exclusion patterns used
+ for constructing the source artifact.
+ type: string
+ url:
+ description: URL is the dynamic fetch link for the latest Artifact.
+ It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
+ data is recommended.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: gitrepositories.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: GitRepository
+ listKind: GitRepositoryList
+ plural: gitrepositories
+ shortNames:
+ - gitrepo
+ singular: gitrepository
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: GitRepository is the Schema for the gitrepositories API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: GitRepositorySpec specifies the required configuration to
+ produce an Artifact for a Git repository.
+ properties:
+ ignore:
+ description: Ignore overrides the set of excluded patterns in the
+ .sourceignore format (which is the same as .gitignore). If not provided,
+ a default will be used, consult the documentation for your version
+ to find out what those are.
+ type: string
+ include:
+ description: Include specifies a list of GitRepository resources which
+ Artifacts should be included in the Artifact produced for this GitRepository.
+ items:
+ description: GitRepositoryInclude specifies a local reference to
+ a GitRepository which Artifact (sub-)contents must be included,
+ and where they should be placed.
+ properties:
+ fromPath:
+ description: FromPath specifies the path to copy contents from,
+ defaults to the root of the Artifact.
+ type: string
+ repository:
+ description: GitRepositoryRef specifies the GitRepository which
+ Artifact contents must be included.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ toPath:
+ description: ToPath specifies the path to copy contents to,
+ defaults to the name of the GitRepositoryRef.
+ type: string
+ required:
+ - repository
+ type: object
+ type: array
+ interval:
+ description: Interval at which the GitRepository URL is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ proxySecretRef:
+ description: ProxySecretRef specifies the Secret containing the proxy
+ configuration to use while communicating with the Git server.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ recurseSubmodules:
+ description: RecurseSubmodules enables the initialization of all submodules
+ within the GitRepository as cloned from the URL, using their default
+ settings.
+ type: boolean
+ ref:
+ description: Reference specifies the Git reference to resolve and
+ monitor for changes, defaults to the 'master' branch.
+ properties:
+ branch:
+ description: Branch to check out, defaults to 'master' if no other
+ field is defined.
+ type: string
+ commit:
+ description: "Commit SHA to check out, takes precedence over all
+ reference fields. \n This can be combined with Branch to shallow
+ clone the branch, in which the commit is expected to exist."
+ type: string
+ name:
+ description: "Name of the reference to check out; takes precedence
+ over Branch, Tag and SemVer. \n It must be a valid Git reference:
+ https://git-scm.com/docs/git-check-ref-format#_description Examples:
+ \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
+ \"refs/merge-requests/1/head\""
+ type: string
+ semver:
+ description: SemVer tag expression to check out, takes precedence
+ over Tag.
+ type: string
+ tag:
+ description: Tag to check out, takes precedence over Branch.
+ type: string
+ type: object
+ secretRef:
+ description: SecretRef specifies the Secret containing authentication
+ credentials for the GitRepository. For HTTPS repositories the Secret
+ must contain 'username' and 'password' fields for basic auth or
+ 'bearerToken' field for token auth. For SSH repositories the Secret
+ must contain 'identity' and 'known_hosts' fields.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: Suspend tells the controller to suspend the reconciliation
+ of this GitRepository.
+ type: boolean
+ timeout:
+ default: 60s
+ description: Timeout for Git operations like cloning, defaults to
+ 60s.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+ type: string
+ url:
+ description: URL specifies the Git repository URL, it can be an HTTP/S
+ or SSH address.
+ pattern: ^(http|https|ssh)://.*$
+ type: string
+ verify:
+ description: Verification specifies the configuration to verify the
+ Git commit signature(s).
+ properties:
+ mode:
+ default: HEAD
+ description: "Mode specifies which Git object(s) should be verified.
+ \n The variants \"head\" and \"HEAD\" both imply the same thing,
+ i.e. verify the commit that the HEAD of the Git repository points
+ to. The variant \"head\" solely exists to ensure backwards compatibility."
+ enum:
+ - head
+ - HEAD
+ - Tag
+ - TagAndHEAD
+ type: string
+ secretRef:
+ description: SecretRef specifies the Secret containing the public
+ keys of trusted Git authors.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - secretRef
+ type: object
+ required:
+ - interval
+ - url
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: GitRepositoryStatus records the observed state of a Git repository.
+ properties:
+ artifact:
+ description: Artifact represents the last successful GitRepository
+ reconciliation.
+ properties:
+ digest:
+ description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of the Artifact.
+ format: date-time
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ description: Metadata holds upstream information such as OCI annotations.
+ type: object
+ path:
+ description: Path is the relative file path of the Artifact. It
+ can be used to locate the file in the root of the Artifact storage
+ on the local file system of the controller managing the Source.
+ type: string
+ revision:
+ description: Revision is a human-readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm chart version, etc.
+ type: string
+ size:
+ description: Size is the number of bytes in the file.
+ format: int64
+ type: integer
+ url:
+ description: URL is the HTTP address of the Artifact as exposed
+ by the controller managing the Source. It can be used to retrieve
+ the Artifact for consumption, e.g. by another controller applying
+ the Artifact contents.
+ type: string
+ required:
+ - lastUpdateTime
+ - path
+ - revision
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the GitRepository.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ includedArtifacts:
+ description: IncludedArtifacts contains a list of the last successfully
+ included Artifacts as instructed by GitRepositorySpec.Include.
+ items:
+ description: Artifact represents the output of a Source reconciliation.
+ properties:
+ digest:
+ description: Digest is the digest of the file in the form of
+ '<algorithm>:<checksum>'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of the Artifact.
+ format: date-time
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ description: Metadata holds upstream information such as OCI
+ annotations.
+ type: object
+ path:
+ description: Path is the relative file path of the Artifact.
+ It can be used to locate the file in the root of the Artifact
+ storage on the local file system of the controller managing
+ the Source.
+ type: string
+ revision:
+ description: Revision is a human-readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm chart version, etc.
+ type: string
+ size:
+ description: Size is the number of bytes in the file.
+ format: int64
+ type: integer
+ url:
+ description: URL is the HTTP address of the Artifact as exposed
+ by the controller managing the Source. It can be used to retrieve
+ the Artifact for consumption, e.g. by another controller applying
+ the Artifact contents.
+ type: string
+ required:
+ - lastUpdateTime
+ - path
+ - revision
+ - url
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation of
+ the GitRepository object.
+ format: int64
+ type: integer
+ observedIgnore:
+ description: ObservedIgnore is the observed exclusion patterns used
+ for constructing the source artifact.
+ type: string
+ observedInclude:
+ description: ObservedInclude is the observed list of GitRepository
+ resources used to produce the current Artifact.
+ items:
+ description: GitRepositoryInclude specifies a local reference to
+ a GitRepository which Artifact (sub-)contents must be included,
+ and where they should be placed.
+ properties:
+ fromPath:
+ description: FromPath specifies the path to copy contents from,
+ defaults to the root of the Artifact.
+ type: string
+ repository:
+ description: GitRepositoryRef specifies the GitRepository which
+ Artifact contents must be included.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ toPath:
+ description: ToPath specifies the path to copy contents to,
+ defaults to the name of the GitRepositoryRef.
+ type: string
+ required:
+ - repository
+ type: object
+ type: array
+ observedRecurseSubmodules:
+ description: ObservedRecurseSubmodules is the observed resource submodules
+ configuration used to produce the current Artifact.
+ type: boolean
+ sourceVerificationMode:
+ description: SourceVerificationMode is the last used verification
+ mode indicating which Git object(s) have been verified.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: GitRepository is the Schema for the gitrepositories API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: GitRepositorySpec defines the desired state of a Git repository.
+ properties:
+ accessFrom:
+ description: AccessFrom defines an Access Control List for allowing
+ cross-namespace references to this object.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
+ gitImplementation:
+ default: go-git
+ description: Determines which git client library to use. Defaults
+ to go-git, valid values are ('go-git', 'libgit2').
+ enum:
+ - go-git
+ - libgit2
+ type: string
+ ignore:
+ description: Ignore overrides the set of excluded patterns in the
+ .sourceignore format (which is the same as .gitignore). If not provided,
+ a default will be used, consult the documentation for your version
+ to find out what those are.
+ type: string
+ include:
+ description: Extra git repositories to map into the repository
+ items:
+ description: GitRepositoryInclude defines a source with a from and
+ to path.
+ properties:
+ fromPath:
+ description: The path to copy contents from, defaults to the
+ root directory.
+ type: string
+ repository:
+ description: Reference to a GitRepository to include.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ toPath:
+ description: The path to copy contents to, defaults to the name
+ of the source ref.
+ type: string
+ required:
+ - repository
+ type: object
+ type: array
+ interval:
+ description: The interval at which to check for repository updates.
+ type: string
+ recurseSubmodules:
+ description: When enabled, after the clone is created, initializes
+ all submodules within, using their default settings. This option
+ is available only when using the 'go-git' GitImplementation.
+ type: boolean
+ ref:
+ description: The Git reference to checkout and monitor for changes,
+ defaults to master branch.
+ properties:
+ branch:
+ description: The Git branch to checkout, defaults to master.
+ type: string
+ commit:
+ description: The Git commit SHA to checkout, if specified Tag
+ filters will be ignored.
+ type: string
+ semver:
+ description: The Git tag semver expression, takes precedence over
+ Tag.
+ type: string
+ tag:
+ description: The Git tag to checkout, takes precedence over Branch.
+ type: string
+ type: object
+ secretRef:
+ description: The secret name containing the Git credentials. For HTTPS
+ repositories the secret must contain username and password fields.
+ For SSH repositories the secret must contain identity and known_hosts
+ fields.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ timeout:
+ default: 60s
+ description: The timeout for remote Git operations like cloning, defaults
+ to 60s.
+ type: string
+ url:
+ description: The repository URL, can be a HTTP/S or SSH address.
+ pattern: ^(http|https|ssh)://.*$
+ type: string
+ verify:
+ description: Verify OpenPGP signature for the Git commit HEAD points
+ to.
+ properties:
+ mode:
+ description: Mode describes what git object should be verified,
+ currently ('head').
+ enum:
+ - head
+ type: string
+ secretRef:
+ description: The secret name containing the public keys of all
+ trusted Git authors.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - mode
+ type: object
+ required:
+ - interval
+ - url
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: GitRepositoryStatus defines the observed state of a Git repository.
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ repository sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA256 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the GitRepository.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ includedArtifacts:
+ description: IncludedArtifacts represents the included artifacts from
+ the last successful repository sync.
+ items:
+ description: Artifact represents the output of a source synchronisation.
+ properties:
+ checksum:
+ description: Checksum is the SHA256 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
+ description: URL is the download link for the artifact output of the
+ last repository sync.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ deprecated: true
+ deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: GitRepository is the Schema for the gitrepositories API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: GitRepositorySpec specifies the required configuration to
+ produce an Artifact for a Git repository.
+ properties:
+ accessFrom:
+ description: 'AccessFrom specifies an Access Control List for allowing
+ cross-namespace references to this object. NOTE: Not implemented,
+ provisional as of https://github.com/fluxcd/flux2/pull/2092'
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
+ gitImplementation:
+ default: go-git
+ description: 'GitImplementation specifies which Git client library
+ implementation to use. Defaults to ''go-git'', valid values are
+ (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated
+ now that ''go-git'' is the only supported implementation.'
+ enum:
+ - go-git
+ - libgit2
+ type: string
+ ignore:
+ description: Ignore overrides the set of excluded patterns in the
+ .sourceignore format (which is the same as .gitignore). If not provided,
+ a default will be used, consult the documentation for your version
+ to find out what those are.
+ type: string
+ include:
+ description: Include specifies a list of GitRepository resources which
+ Artifacts should be included in the Artifact produced for this GitRepository.
+ items:
+ description: GitRepositoryInclude specifies a local reference to
+ a GitRepository which Artifact (sub-)contents must be included,
+ and where they should be placed.
+ properties:
+ fromPath:
+ description: FromPath specifies the path to copy contents from,
+ defaults to the root of the Artifact.
+ type: string
+ repository:
+ description: GitRepositoryRef specifies the GitRepository which
+ Artifact contents must be included.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ toPath:
+ description: ToPath specifies the path to copy contents to,
+ defaults to the name of the GitRepositoryRef.
+ type: string
+ required:
+ - repository
+ type: object
+ type: array
+ interval:
+ description: Interval at which to check the GitRepository for updates.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ recurseSubmodules:
+ description: RecurseSubmodules enables the initialization of all submodules
+ within the GitRepository as cloned from the URL, using their default
+ settings.
+ type: boolean
+ ref:
+ description: Reference specifies the Git reference to resolve and
+ monitor for changes, defaults to the 'master' branch.
+ properties:
+ branch:
+ description: Branch to check out, defaults to 'master' if no other
+ field is defined.
+ type: string
+ commit:
+ description: "Commit SHA to check out, takes precedence over all
+ reference fields. \n This can be combined with Branch to shallow
+ clone the branch, in which the commit is expected to exist."
+ type: string
+ name:
+ description: "Name of the reference to check out; takes precedence
+ over Branch, Tag and SemVer. \n It must be a valid Git reference:
+ https://git-scm.com/docs/git-check-ref-format#_description Examples:
+ \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
+ \"refs/merge-requests/1/head\""
+ type: string
+ semver:
+ description: SemVer tag expression to check out, takes precedence
+ over Tag.
+ type: string
+ tag:
+ description: Tag to check out, takes precedence over Branch.
+ type: string
+ type: object
+ secretRef:
+ description: SecretRef specifies the Secret containing authentication
+ credentials for the GitRepository. For HTTPS repositories the Secret
+ must contain 'username' and 'password' fields for basic auth or
+ 'bearerToken' field for token auth. For SSH repositories the Secret
+ must contain 'identity' and 'known_hosts' fields.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: Suspend tells the controller to suspend the reconciliation
+ of this GitRepository.
+ type: boolean
+ timeout:
+ default: 60s
+ description: Timeout for Git operations like cloning, defaults to
+ 60s.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+ type: string
+ url:
+ description: URL specifies the Git repository URL, it can be an HTTP/S
+ or SSH address.
+ pattern: ^(http|https|ssh)://.*$
+ type: string
+ verify:
+ description: Verification specifies the configuration to verify the
+ Git commit signature(s).
+ properties:
+ mode:
+ description: Mode specifies what Git object should be verified,
+ currently ('head').
+ enum:
+ - head
+ type: string
+ secretRef:
+ description: SecretRef specifies the Secret containing the public
+ keys of trusted Git authors.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - mode
+ - secretRef
+ type: object
+ required:
+ - interval
+ - url
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: GitRepositoryStatus records the observed state of a Git repository.
+ properties:
+ artifact:
+ description: Artifact represents the last successful GitRepository
+ reconciliation.
+ properties:
+ digest:
+ description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of the Artifact.
+ format: date-time
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ description: Metadata holds upstream information such as OCI annotations.
+ type: object
+ path:
+ description: Path is the relative file path of the Artifact. It
+ can be used to locate the file in the root of the Artifact storage
+ on the local file system of the controller managing the Source.
+ type: string
+ revision:
+ description: Revision is a human-readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm chart version, etc.
+ type: string
+ size:
+ description: Size is the number of bytes in the file.
+ format: int64
+ type: integer
+ url:
+ description: URL is the HTTP address of the Artifact as exposed
+ by the controller managing the Source. It can be used to retrieve
+ the Artifact for consumption, e.g. by another controller applying
+ the Artifact contents.
+ type: string
+ required:
+ - lastUpdateTime
+ - path
+ - revision
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the GitRepository.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ contentConfigChecksum:
+ description: "ContentConfigChecksum is a checksum of all the configurations
+ related to the content of the source artifact: - .spec.ignore -
+ .spec.recurseSubmodules - .spec.included and the checksum of the
+ included artifacts observed in .status.observedGeneration version
+ of the object. This can be used to determine if the content of the
+ included repository has changed. It has the format of `<algo>:<checksum>`,
+ for example: `sha256:<checksum>`. \n Deprecated: Replaced with explicit
+ fields for observed artifact content config in the status."
+ type: string
+ includedArtifacts:
+ description: IncludedArtifacts contains a list of the last successfully
+ included Artifacts as instructed by GitRepositorySpec.Include.
+ items:
+ description: Artifact represents the output of a Source reconciliation.
+ properties:
+ digest:
+ description: Digest is the digest of the file in the form of
+ '<algorithm>:<checksum>'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of the Artifact.
+ format: date-time
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ description: Metadata holds upstream information such as OCI
+ annotations.
+ type: object
+ path:
+ description: Path is the relative file path of the Artifact.
+ It can be used to locate the file in the root of the Artifact
+ storage on the local file system of the controller managing
+ the Source.
+ type: string
+ revision:
+ description: Revision is a human-readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm chart version, etc.
+ type: string
+ size:
+ description: Size is the number of bytes in the file.
+ format: int64
+ type: integer
+ url:
+ description: URL is the HTTP address of the Artifact as exposed
+ by the controller managing the Source. It can be used to retrieve
+ the Artifact for consumption, e.g. by another controller applying
+ the Artifact contents.
+ type: string
+ required:
+ - lastUpdateTime
+ - path
+ - revision
+ - url
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation of
+ the GitRepository object.
+ format: int64
+ type: integer
+ observedIgnore:
+ description: ObservedIgnore is the observed exclusion patterns used
+ for constructing the source artifact.
+ type: string
+ observedInclude:
+ description: ObservedInclude is the observed list of GitRepository
+ resources used to to produce the current Artifact.
+ items:
+ description: GitRepositoryInclude specifies a local reference to
+ a GitRepository which Artifact (sub-)contents must be included,
+ and where they should be placed.
+ properties:
+ fromPath:
+ description: FromPath specifies the path to copy contents from,
+ defaults to the root of the Artifact.
+ type: string
+ repository:
+ description: GitRepositoryRef specifies the GitRepository which
+ Artifact contents must be included.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ toPath:
+ description: ToPath specifies the path to copy contents to,
+ defaults to the name of the GitRepositoryRef.
+ type: string
+ required:
+ - repository
+ type: object
+ type: array
+ observedRecurseSubmodules:
+ description: ObservedRecurseSubmodules is the observed resource submodules
+ configuration used to produce the current Artifact.
+ type: boolean
+ url:
+ description: URL is the dynamic fetch link for the latest Artifact.
+ It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
+ data is recommended.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: helmcharts.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: HelmChart
+ listKind: HelmChartList
+ plural: helmcharts
+ shortNames:
+ - hc
+ singular: helmchart
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.chart
+ name: Chart
+ type: string
+ - jsonPath: .spec.version
+ name: Version
+ type: string
+ - jsonPath: .spec.sourceRef.kind
+ name: Source Kind
+ type: string
+ - jsonPath: .spec.sourceRef.name
+ name: Source Name
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: HelmChart is the Schema for the helmcharts API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmChartSpec defines the desired state of a Helm chart.
+ properties:
+ accessFrom:
+ description: AccessFrom defines an Access Control List for allowing
+ cross-namespace references to this object.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
+ chart:
+ description: The name or path the Helm chart is available at in the
+ SourceRef.
+ type: string
+ interval:
+ description: The interval at which to check the Source for updates.
+ type: string
+ reconcileStrategy:
+ default: ChartVersion
+ description: Determines what enables the creation of a new artifact.
+ Valid values are ('ChartVersion', 'Revision'). See the documentation
+ of the values for an explanation on their behavior. Defaults to
+ ChartVersion when omitted.
+ enum:
+ - ChartVersion
+ - Revision
+ type: string
+ sourceRef:
+ description: The reference to the Source the chart is available at.
+ properties:
+ apiVersion:
+ description: APIVersion of the referent.
+ type: string
+ kind:
+ description: Kind of the referent, valid values are ('HelmRepository',
+ 'GitRepository', 'Bucket').
+ enum:
+ - HelmRepository
+ - GitRepository
+ - Bucket
+ type: string
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ valuesFile:
+ description: Alternative values file to use as the default chart values,
+ expected to be a relative path in the SourceRef. Deprecated in favor
+ of ValuesFiles, for backwards compatibility the file defined here
+ is merged before the ValuesFiles items. Ignored when omitted.
+ type: string
+ valuesFiles:
+ description: Alternative list of values files to use as the chart
+ values (values.yaml is not included by default), expected to be
+ a relative path in the SourceRef. Values files are merged in the
+ order of this list with the last file overriding the first. Ignored
+ when omitted.
+ items:
+ type: string
+ type: array
+ version:
+ default: '*'
+ description: The chart version semver expression, ignored for charts
+ from GitRepository and Bucket sources. Defaults to latest when omitted.
+ type: string
+ required:
+ - chart
+ - interval
+ - sourceRef
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: HelmChartStatus defines the observed state of the HelmChart.
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ chart sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA256 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the HelmChart.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
+ description: URL is the download link for the last chart pulled.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .spec.chart
+ name: Chart
+ type: string
+ - jsonPath: .spec.version
+ name: Version
+ type: string
+ - jsonPath: .spec.sourceRef.kind
+ name: Source Kind
+ type: string
+ - jsonPath: .spec.sourceRef.name
+ name: Source Name
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: HelmChart is the Schema for the helmcharts API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmChartSpec specifies the desired state of a Helm chart.
+ properties:
+ accessFrom:
+ description: 'AccessFrom specifies an Access Control List for allowing
+ cross-namespace references to this object. NOTE: Not implemented,
+ provisional as of https://github.com/fluxcd/flux2/pull/2092'
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
+ chart:
+ description: Chart is the name or path the Helm chart is available
+ at in the SourceRef.
+ type: string
+ interval:
+ description: Interval at which the HelmChart SourceRef is checked
+ for updates. This interval is approximate and may be subject to
+ jitter to ensure efficient use of resources.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ reconcileStrategy:
+ default: ChartVersion
+ description: ReconcileStrategy determines what enables the creation
+ of a new artifact. Valid values are ('ChartVersion', 'Revision').
+ See the documentation of the values for an explanation on their
+ behavior. Defaults to ChartVersion when omitted.
+ enum:
+ - ChartVersion
+ - Revision
+ type: string
+ sourceRef:
+ description: SourceRef is the reference to the Source the chart is
+ available at.
+ properties:
+ apiVersion:
+ description: APIVersion of the referent.
+ type: string
+ kind:
+ description: Kind of the referent, valid values are ('HelmRepository',
+ 'GitRepository', 'Bucket').
+ enum:
+ - HelmRepository
+ - GitRepository
+ - Bucket
+ type: string
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ suspend:
+ description: Suspend tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ valuesFile:
+ description: ValuesFile is an alternative values file to use as the
+ default chart values, expected to be a relative path in the SourceRef.
+ Deprecated in favor of ValuesFiles, for backwards compatibility
+ the file specified here is merged before the ValuesFiles items.
+ Ignored when omitted.
+ type: string
+ valuesFiles:
+ description: ValuesFiles is an alternative list of values files to
+ use as the chart values (values.yaml is not included by default),
+ expected to be a relative path in the SourceRef. Values files are
+ merged in the order of this list with the last file overriding the
+ first. Ignored when omitted.
+ items:
+ type: string
+ type: array
+ verify:
+ description: Verify contains the secret name containing the trusted
+ public keys used to verify the signature and specifies which provider
+ to use to check whether OCI image is authentic. This field is only
+ supported when using HelmRepository source with spec.type 'oci'.
+ Chart dependencies, which are not bundled in the umbrella chart
+ artifact, are not verified.
+ properties:
+ provider:
+ default: cosign
+ description: Provider specifies the technology used to sign the
+ OCI Artifact.
+ enum:
+ - cosign
+ type: string
+ secretRef:
+ description: SecretRef specifies the Kubernetes Secret containing
+ the trusted public keys.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - provider
+ type: object
+ version:
+ default: '*'
+ description: Version is the chart version semver expression, ignored
+ for charts from GitRepository and Bucket sources. Defaults to latest
+ when omitted.
+ type: string
+ required:
+ - chart
+ - interval
+ - sourceRef
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: HelmChartStatus records the observed state of the HelmChart.
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ reconciliation.
+ properties:
+ digest:
+ description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of the Artifact.
+ format: date-time
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ description: Metadata holds upstream information such as OCI annotations.
+ type: object
+ path:
+ description: Path is the relative file path of the Artifact. It
+ can be used to locate the file in the root of the Artifact storage
+ on the local file system of the controller managing the Source.
+ type: string
+ revision:
+ description: Revision is a human-readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm chart version, etc.
+ type: string
+ size:
+ description: Size is the number of bytes in the file.
+ format: int64
+ type: integer
+ url:
+ description: URL is the HTTP address of the Artifact as exposed
+ by the controller managing the Source. It can be used to retrieve
+ the Artifact for consumption, e.g. by another controller applying
+ the Artifact contents.
+ type: string
+ required:
+ - lastUpdateTime
+ - path
+ - revision
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the HelmChart.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedChartName:
+ description: ObservedChartName is the last observed chart name as
+ specified by the resolved chart reference.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation of
+ the HelmChart object.
+ format: int64
+ type: integer
+ observedSourceArtifactRevision:
+ description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
+ of the HelmChartSpec.SourceRef.
+ type: string
+ url:
+ description: URL is the dynamic fetch link for the latest Artifact.
+ It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
+ data is recommended.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: helmrepositories.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: HelmRepository
+ listKind: HelmRepositoryList
+ plural: helmrepositories
+ shortNames:
+ - helmrepo
+ singular: helmrepository
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: HelmRepository is the Schema for the helmrepositories API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmRepositorySpec defines the reference to a Helm repository.
+ properties:
+ accessFrom:
+ description: AccessFrom defines an Access Control List for allowing
+ cross-namespace references to this object.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
+ interval:
+ description: The interval at which to check the upstream for updates.
+ type: string
+ passCredentials:
+ description: PassCredentials allows the credentials from the SecretRef
+ to be passed on to a host that does not match the host as defined
+ in URL. This may be required if the host of the advertised chart
+ URLs in the index differ from the defined URL. Enabling this should
+ be done with caution, as it can potentially result in credentials
+ getting stolen in a MITM-attack.
+ type: boolean
+ secretRef:
+ description: The name of the secret containing authentication credentials
+ for the Helm repository. For HTTP/S basic auth the secret must contain
+ username and password fields. For TLS the secret must contain a
+ certFile and keyFile, and/or caFile fields.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ timeout:
+ default: 60s
+ description: The timeout of index downloading, defaults to 60s.
+ type: string
+ url:
+ description: The Helm repository URL, a valid URL contains at least
+ a protocol and host.
+ type: string
+ required:
+ - interval
+ - url
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: HelmRepositoryStatus defines the observed state of the HelmRepository.
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ repository sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA256 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the HelmRepository.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
+ description: URL is the download link for the last index fetched.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: HelmRepository is the Schema for the helmrepositories API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmRepositorySpec specifies the required configuration to
+ produce an Artifact for a Helm repository index YAML.
+ properties:
+ accessFrom:
+ description: 'AccessFrom specifies an Access Control List for allowing
+ cross-namespace references to this object. NOTE: Not implemented,
+ provisional as of https://github.com/fluxcd/flux2/pull/2092'
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
+ certSecretRef:
+ description: "CertSecretRef can be given the name of a Secret containing
+ either or both of \n - a PEM-encoded client certificate (`tls.crt`)
+ and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
+ \n and whichever are supplied, will be used for connecting to the
+ registry. The client cert and key are useful if you are authenticating
+ with a certificate; the CA cert is useful if you are using a self-signed
+ server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ \n It takes precedence over the values specified in the Secret referred
+ to by `.spec.secretRef`."
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ interval:
+ description: Interval at which the HelmRepository URL is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ passCredentials:
+ description: PassCredentials allows the credentials from the SecretRef
+ to be passed on to a host that does not match the host as defined
+ in URL. This may be required if the host of the advertised chart
+ URLs in the index differ from the defined URL. Enabling this should
+ be done with caution, as it can potentially result in credentials
+ getting stolen in a MITM-attack.
+ type: boolean
+ provider:
+ default: generic
+ description: Provider used for authentication, can be 'aws', 'azure',
+ 'gcp' or 'generic'. This field is optional, and only taken into
+ account if the .spec.type field is set to 'oci'. When not specified,
+ defaults to 'generic'.
+ enum:
+ - generic
+ - aws
+ - azure
+ - gcp
+ type: string
+ secretRef:
+ description: SecretRef specifies the Secret containing authentication
+ credentials for the HelmRepository. For HTTP/S basic auth the secret
+ must contain 'username' and 'password' fields. Support for TLS auth
+ using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated.
+ Please use `.spec.certSecretRef` instead.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: Suspend tells the controller to suspend the reconciliation
+ of this HelmRepository.
+ type: boolean
+ timeout:
+ default: 60s
+ description: Timeout is used for the index fetch operation for an
+ HTTPS helm repository, and for remote OCI Repository operations
+ like pulling for an OCI helm repository. Its default value is 60s.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+ type: string
+ type:
+ description: Type of the HelmRepository. When this field is set to "oci",
+ the URL field value must be prefixed with "oci://".
+ enum:
+ - default
+ - oci
+ type: string
+ url:
+ description: URL of the Helm repository, a valid URL contains at least
+ a protocol and host.
+ type: string
+ required:
+ - interval
+ - url
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: HelmRepositoryStatus records the observed state of the HelmRepository.
+ properties:
+ artifact:
+ description: Artifact represents the last successful HelmRepository
+ reconciliation.
+ properties:
+ digest:
+ description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of the Artifact.
+ format: date-time
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ description: Metadata holds upstream information such as OCI annotations.
+ type: object
+ path:
+ description: Path is the relative file path of the Artifact. It
+ can be used to locate the file in the root of the Artifact storage
+ on the local file system of the controller managing the Source.
+ type: string
+ revision:
+ description: Revision is a human-readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm chart version, etc.
+ type: string
+ size:
+ description: Size is the number of bytes in the file.
+ format: int64
+ type: integer
+ url:
+ description: URL is the HTTP address of the Artifact as exposed
+ by the controller managing the Source. It can be used to retrieve
+ the Artifact for consumption, e.g. by another controller applying
+ the Artifact contents.
+ type: string
+ required:
+ - lastUpdateTime
+ - path
+ - revision
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the HelmRepository.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation of
+ the HelmRepository object.
+ format: int64
+ type: integer
+ url:
+ description: URL is the dynamic fetch link for the latest Artifact.
+ It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
+ data is recommended.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: ocirepositories.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: OCIRepository
+ listKind: OCIRepositoryList
+ plural: ocirepositories
+ shortNames:
+ - ocirepo
+ singular: ocirepository
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: OCIRepository is the Schema for the ocirepositories API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OCIRepositorySpec defines the desired state of OCIRepository
+ properties:
+ certSecretRef:
+ description: "CertSecretRef can be given the name of a Secret containing
+ either or both of \n - a PEM-encoded client certificate (`tls.crt`)
+ and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
+ \n and whichever are supplied, will be used for connecting to the
+ registry. The client cert and key are useful if you are authenticating
+ with a certificate; the CA cert is useful if you are using a self-signed
+ server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ \n Note: Support for the `caFile`, `certFile` and `keyFile` keys
+ have been deprecated."
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ ignore:
+ description: Ignore overrides the set of excluded patterns in the
+ .sourceignore format (which is the same as .gitignore). If not provided,
+ a default will be used, consult the documentation for your version
+ to find out what those are.
+ type: string
+ insecure:
+ description: Insecure allows connecting to a non-TLS HTTP container
+ registry.
+ type: boolean
+ interval:
+ description: Interval at which the OCIRepository URL is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ layerSelector:
+ description: LayerSelector specifies which layer should be extracted
+ from the OCI artifact. When not specified, the first layer found
+ in the artifact is selected.
+ properties:
+ mediaType:
+ description: MediaType specifies the OCI media type of the layer
+ which should be extracted from the OCI Artifact. The first layer
+ matching this type is selected.
+ type: string
+ operation:
+ description: Operation specifies how the selected layer should
+ be processed. By default, the layer compressed content is extracted
+ to storage. When the operation is set to 'copy', the layer compressed
+ content is persisted to storage as it is.
+ enum:
+ - extract
+ - copy
+ type: string
+ type: object
+ provider:
+ default: generic
+ description: The provider used for authentication, can be 'aws', 'azure',
+ 'gcp' or 'generic'. When not specified, defaults to 'generic'.
+ enum:
+ - generic
+ - aws
+ - azure
+ - gcp
+ type: string
+ ref:
+ description: The OCI reference to pull and monitor for changes, defaults
+ to the latest tag.
+ properties:
+ digest:
+ description: Digest is the image digest to pull, takes precedence
+ over SemVer. The value should be in the format 'sha256:<HASH>'.
+ type: string
+ semver:
+ description: SemVer is the range of tags to pull selecting the
+ latest within the range, takes precedence over Tag.
+ type: string
+ tag:
+ description: Tag is the image tag to pull, defaults to latest.
+ type: string
+ type: object
+ secretRef:
+ description: SecretRef contains the secret name containing the registry
+ login credentials to resolve image metadata. The secret must be
+ of type kubernetes.io/dockerconfigjson.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount
+ used to authenticate the image pull if the service account has attached
+ pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
+ type: string
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ timeout:
+ default: 60s
+ description: The timeout for remote OCI Repository operations like
+ pulling, defaults to 60s.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+ type: string
+ url:
+ description: URL is a reference to an OCI artifact repository hosted
+ on a remote container registry.
+ pattern: ^oci://.*$
+ type: string
+ verify:
+ description: Verify contains the secret name containing the trusted
+ public keys used to verify the signature and specifies which provider
+ to use to check whether OCI image is authentic.
+ properties:
+ provider:
+ default: cosign
+ description: Provider specifies the technology used to sign the
+ OCI Artifact.
+ enum:
+ - cosign
+ type: string
+ secretRef:
+ description: SecretRef specifies the Kubernetes Secret containing
+ the trusted public keys.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - provider
+ type: object
+ required:
+ - interval
+ - url
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: OCIRepositoryStatus defines the observed state of OCIRepository
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ OCI Repository sync.
+ properties:
+ digest:
+ description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of the Artifact.
+ format: date-time
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ description: Metadata holds upstream information such as OCI annotations.
+ type: object
+ path:
+ description: Path is the relative file path of the Artifact. It
+ can be used to locate the file in the root of the Artifact storage
+ on the local file system of the controller managing the Source.
+ type: string
+ revision:
+ description: Revision is a human-readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm chart version, etc.
+ type: string
+ size:
+ description: Size is the number of bytes in the file.
+ format: int64
+ type: integer
+ url:
+ description: URL is the HTTP address of the Artifact as exposed
+ by the controller managing the Source. It can be used to retrieve
+ the Artifact for consumption, e.g. by another controller applying
+ the Artifact contents.
+ type: string
+ required:
+ - lastUpdateTime
+ - path
+ - revision
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the OCIRepository.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ contentConfigChecksum:
+ description: "ContentConfigChecksum is a checksum of all the configurations
+ related to the content of the source artifact: - .spec.ignore -
+ .spec.layerSelector observed in .status.observedGeneration version
+ of the object. This can be used to determine if the content configuration
+ has changed and the artifact needs to be rebuilt. It has the format
+ of `<algo>:<checksum>`, for example: `sha256:<checksum>`. \n Deprecated:
+ Replaced with explicit fields for observed artifact content config
+ in the status."
+ type: string
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ observedIgnore:
+ description: ObservedIgnore is the observed exclusion patterns used
+ for constructing the source artifact.
+ type: string
+ observedLayerSelector:
+ description: ObservedLayerSelector is the observed layer selector
+ used for constructing the source artifact.
+ properties:
+ mediaType:
+ description: MediaType specifies the OCI media type of the layer
+ which should be extracted from the OCI Artifact. The first layer
+ matching this type is selected.
+ type: string
+ operation:
+ description: Operation specifies how the selected layer should
+ be processed. By default, the layer compressed content is extracted
+ to storage. When the operation is set to 'copy', the layer compressed
+ content is persisted to storage as it is.
+ enum:
+ - extract
+ - copy
+ type: string
+ type: object
+ url:
+ description: URL is the download link for the artifact output of the
+ last OCI Repository sync.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: source-controller
+ namespace: flux-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ control-plane: controller
+ name: source-controller
+ namespace: flux-system
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: source-controller
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ control-plane: controller
+ name: source-controller
+ namespace: flux-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: source-controller
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ labels:
+ app: source-controller
+ spec:
+ containers:
+ - args:
+ - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ - --storage-path=/data
+ - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: TUF_ROOT
+ value: /tmp/.sigstore
+ image: ghcr.io/fluxcd/source-controller:v1.1.2
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9090
+ name: http
+ protocol: TCP
+ - containerPort: 8080
+ name: http-prom
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /tmp
+ name: tmp
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: source-controller
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: data
+ - emptyDir: {}
+ name: tmp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: kustomize-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: kustomizations.kustomize.toolkit.fluxcd.io
+spec:
+ group: kustomize.toolkit.fluxcd.io
+ names:
+ kind: Kustomization
+ listKind: KustomizationList
+ plural: kustomizations
+ shortNames:
+ - ks
+ singular: kustomization
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Kustomization is the Schema for the kustomizations API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KustomizationSpec defines the configuration to calculate
+ the desired state from a Source using Kustomize.
+ properties:
+ commonMetadata:
+ description: CommonMetadata specifies the common labels and annotations
+ that are applied to all resources. Any existing label or annotation
+ will be overridden if its key matches a common one.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be added to the object's metadata.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be added to the object's metadata.
+ type: object
+ type: object
+ components:
+ description: Components specifies relative paths to specifications
+ of other Components.
+ items:
+ type: string
+ type: array
+ decryption:
+ description: Decrypt Kubernetes secrets before applying them on the
+ cluster.
+ properties:
+ provider:
+ description: Provider is the name of the decryption engine.
+ enum:
+ - sops
+ type: string
+ secretRef:
+ description: The secret name containing the private OpenPGP keys
+ used for decryption.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - provider
+ type: object
+ dependsOn:
+ description: DependsOn may contain a meta.NamespacedObjectReference
+ slice with references to Kustomization resources that must be ready
+ before this Kustomization can be reconciled.
+ items:
+ description: NamespacedObjectReference contains enough information
+ to locate the referenced Kubernetes resource object in any namespace.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, when not specified it
+ acts as LocalObjectReference.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ force:
+ default: false
+ description: Force instructs the controller to recreate resources
+ when patching fails due to an immutable field change.
+ type: boolean
+ healthChecks:
+ description: A list of resources to be included in the health assessment.
+ items:
+ description: NamespacedObjectKindReference contains enough information
+ to locate the typed referenced Kubernetes resource object in any
+ namespace.
+ properties:
+ apiVersion:
+ description: API version of the referent, if not specified the
+ Kubernetes preferred version will be used.
+ type: string
+ kind:
+ description: Kind of the referent.
+ type: string
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, when not specified it
+ acts as LocalObjectReference.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ images:
+ description: Images is a list of (image name, new name, new tag or
+ digest) for changing image names, tags or digests. This can also
+ be achieved with a patch, but this operator is simpler to specify.
+ items:
+ description: Image contains an image name, a new name, a new tag
+ or digest, which will replace the original name and tag.
+ properties:
+ digest:
+ description: Digest is the value used to replace the original
+ image tag. If digest is present NewTag value is ignored.
+ type: string
+ name:
+ description: Name is a tag-less image name.
+ type: string
+ newName:
+ description: NewName is the value used to replace the original
+ name.
+ type: string
+ newTag:
+ description: NewTag is the value used to replace the original
+ tag.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ interval:
+ description: The interval at which to reconcile the Kustomization.
+ This interval is approximate and may be subject to jitter to ensure
+ efficient use of resources.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ kubeConfig:
+ description: The KubeConfig for reconciling the Kustomization on a
+ remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
+ forces the controller to act on behalf of that Service Account at
+ the target cluster. If the --default-service-account flag is set,
+ its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
+ is empty.
+ properties:
+ secretRef:
+ description: SecretRef holds the name of a secret that contains
+ a key with the kubeconfig file as the value. If no key is set,
+ the key will default to 'value'. It is recommended that the
+ kubeconfig is self-contained, and the secret is regularly updated
+ if credentials such as a cloud-access-token expire. Cloud specific
+ `cmd-path` auth helpers will not function without adding binaries
+ and credentials to the Pod that is responsible for reconciling
+ Kubernetes resources.
+ properties:
+ key:
+ description: Key in the Secret, when not specified an implementation-specific
+ default key is used.
+ type: string
+ name:
+ description: Name of the Secret.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - secretRef
+ type: object
+ patches:
+ description: Strategic merge and JSON patches, defined as inline YAML
+ objects, capable of targeting objects based on kind, label and annotation
+ selectors.
+ items:
+ description: Patch contains an inline StrategicMerge or JSON6902
+ patch, and the target the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains an inline StrategicMerge patch or
+ an inline JSON6902 patch with an array of operation objects.
+ type: string
+ target:
+ description: Target points to the resources that the patch document
+ should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources
+ from. Together with Version and Kind it is capable of
+ unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources from.
+ Together with Group and Version it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows the
+ label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources
+ from. Together with Group and Kind it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ type: object
+ type: array
+ path:
+ description: Path to the directory containing the kustomization.yaml
+ file, or the set of plain YAMLs a kustomization.yaml should be generated
+ for. Defaults to 'None', which translates to the root path of the
+ SourceRef.
+ type: string
+ postBuild:
+ description: PostBuild describes which actions to perform on the YAML
+ manifest generated by building the kustomize overlay.
+ properties:
+ substitute:
+ additionalProperties:
+ type: string
+ description: Substitute holds a map of key/value pairs. The variables
+ defined in your YAML manifests that match any of the keys defined
+ in the map will be substituted with the set value. Includes
+ support for bash string replacement functions e.g. ${var:=default},
+ ${var:position} and ${var/substring/replacement}.
+ type: object
+ substituteFrom:
+ description: SubstituteFrom holds references to ConfigMaps and
+ Secrets containing the variables and their values to be substituted
+ in the YAML manifests. The ConfigMap and the Secret data keys
+ represent the var names, and they must match the vars declared
+ in the manifests for the substitution to happen.
+ items:
+ description: SubstituteReference contains a reference to a resource
+ containing the variables name and value.
+ properties:
+ kind:
+ description: Kind of the values referent, valid values are
+ ('Secret', 'ConfigMap').
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: Name of the values referent. Should reside
+ in the same namespace as the referring resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ optional:
+ default: false
+ description: Optional indicates whether the referenced resource
+ must exist, or whether to tolerate its absence. If true
+ and the referenced resource is absent, proceed as if the
+ resource was present but empty, without any variables
+ defined.
+ type: boolean
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ type: object
+ prune:
+ description: Prune enables garbage collection.
+ type: boolean
+ retryInterval:
+ description: The interval at which to retry a previously failed reconciliation.
+ When not specified, the controller uses the KustomizationSpec.Interval
+ value to retry failures.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ serviceAccountName:
+ description: The name of the Kubernetes service account to impersonate
+ when reconciling this Kustomization.
+ type: string
+ sourceRef:
+ description: Reference of the source where the kustomization file
+ is.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: Kind of the referent.
+ enum:
+ - OCIRepository
+ - GitRepository
+ - Bucket
+ type: string
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, defaults to the namespace
+ of the Kubernetes resource object that contains the reference.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend subsequent
+ kustomize executions, it does not apply to already started executions.
+ Defaults to false.
+ type: boolean
+ targetNamespace:
+ description: TargetNamespace sets or overrides the namespace in the
+ kustomization.yaml file.
+ maxLength: 63
+ minLength: 1
+ type: string
+ timeout:
+ description: Timeout for validation, apply and health checking operations.
+ Defaults to 'Interval' duration.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ wait:
+ description: Wait instructs the controller to check the health of
+ all the reconciled resources. When enabled, the HealthChecks are
+ ignored. Defaults to false.
+ type: boolean
+ required:
+ - interval
+ - prune
+ - sourceRef
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: KustomizationStatus defines the observed state of a kustomization.
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ inventory:
+ description: Inventory contains the list of Kubernetes resource object
+ references that have been successfully applied.
+ properties:
+ entries:
+ description: Entries of Kubernetes resource object references.
+ items:
+ description: ResourceRef contains the information necessary
+ to locate a resource within a cluster.
+ properties:
+ id:
+ description: ID is the string representation of the Kubernetes
+ resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
+ type: string
+ v:
+ description: Version is the API version of the Kubernetes
+ resource object's kind.
+ type: string
+ required:
+ - id
+ - v
+ type: object
+ type: array
+ required:
+ - entries
+ type: object
+ lastAppliedRevision:
+ description: The last successfully applied revision. Equals the Revision
+ of the applied Artifact from the referenced Source.
+ type: string
+ lastAttemptedRevision:
+ description: LastAttemptedRevision is the revision of the last reconciliation
+ attempt.
+ type: string
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last reconciled generation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ deprecationWarning: v1beta1 Kustomization is deprecated, upgrade to v1
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Kustomization is the Schema for the kustomizations API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KustomizationSpec defines the desired state of a kustomization.
+ properties:
+ decryption:
+ description: Decrypt Kubernetes secrets before applying them on the
+ cluster.
+ properties:
+ provider:
+ description: Provider is the name of the decryption engine.
+ enum:
+ - sops
+ type: string
+ secretRef:
+ description: The secret name containing the private OpenPGP keys
+ used for decryption.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - provider
+ type: object
+ dependsOn:
+ description: DependsOn may contain a meta.NamespacedObjectReference
+ slice with references to Kustomization resources that must be ready
+ before this Kustomization can be reconciled.
+ items:
+ description: NamespacedObjectReference contains enough information
+ to locate the referenced Kubernetes resource object in any namespace.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, when not specified it
+ acts as LocalObjectReference.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ force:
+ default: false
+ description: Force instructs the controller to recreate resources
+ when patching fails due to an immutable field change.
+ type: boolean
+ healthChecks:
+ description: A list of resources to be included in the health assessment.
+ items:
+ description: NamespacedObjectKindReference contains enough information
+ to locate the typed referenced Kubernetes resource object in any
+ namespace.
+ properties:
+ apiVersion:
+ description: API version of the referent, if not specified the
+ Kubernetes preferred version will be used.
+ type: string
+ kind:
+ description: Kind of the referent.
+ type: string
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, when not specified it
+ acts as LocalObjectReference.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ images:
+ description: Images is a list of (image name, new name, new tag or
+ digest) for changing image names, tags or digests. This can also
+ be achieved with a patch, but this operator is simpler to specify.
+ items:
+ description: Image contains an image name, a new name, a new tag
+ or digest, which will replace the original name and tag.
+ properties:
+ digest:
+ description: Digest is the value used to replace the original
+ image tag. If digest is present NewTag value is ignored.
+ type: string
+ name:
+ description: Name is a tag-less image name.
+ type: string
+ newName:
+ description: NewName is the value used to replace the original
+ name.
+ type: string
+ newTag:
+ description: NewTag is the value used to replace the original
+ tag.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ interval:
+ description: The interval at which to reconcile the Kustomization.
+ type: string
+ kubeConfig:
+ description: The KubeConfig for reconciling the Kustomization on a
+ remote cluster. When specified, KubeConfig takes precedence over
+ ServiceAccountName.
+ properties:
+ secretRef:
+ description: SecretRef holds the name to a secret that contains
+ a 'value' key with the kubeconfig file as the value. It must
+ be in the same namespace as the Kustomization. It is recommended
+ that the kubeconfig is self-contained, and the secret is regularly
+ updated if credentials such as a cloud-access-token expire.
+ Cloud specific `cmd-path` auth helpers will not function without
+ adding binaries and credentials to the Pod that is responsible
+ for reconciling the Kustomization.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ patches:
+ description: Strategic merge and JSON patches, defined as inline YAML
+ objects, capable of targeting objects based on kind, label and annotation
+ selectors.
+ items:
+ description: Patch contains an inline StrategicMerge or JSON6902
+ patch, and the target the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains an inline StrategicMerge patch or
+ an inline JSON6902 patch with an array of operation objects.
+ type: string
+ target:
+ description: Target points to the resources that the patch document
+ should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources
+ from. Together with Version and Kind it is capable of
+ unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources from.
+ Together with Group and Version it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows the
+ label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources
+ from. Together with Group and Kind it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ type: object
+ type: array
+ patchesJson6902:
+ description: JSON 6902 patches, defined as inline YAML objects.
+ items:
+ description: JSON6902Patch contains a JSON6902 patch and the target
+ the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains the JSON6902 patch document with
+ an array of operation objects.
+ items:
+ description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
+ properties:
+ from:
+ description: From contains a JSON-pointer value that references
+ a location within the target document where the operation
+ is performed. The meaning of the value depends on the
+ value of Op, and is NOT taken into account by all operations.
+ type: string
+ op:
+ description: Op indicates the operation to perform. Its
+ value MUST be one of "add", "remove", "replace", "move",
+ "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
+ enum:
+ - test
+ - remove
+ - add
+ - replace
+ - move
+ - copy
+ type: string
+ path:
+ description: Path contains the JSON-pointer value that
+ references a location within the target document where
+ the operation is performed. The meaning of the value
+ depends on the value of Op.
+ type: string
+ value:
+ description: Value contains a valid JSON structure. The
+ meaning of the value depends on the value of Op, and
+ is NOT taken into account by all operations.
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - op
+ - path
+ type: object
+ type: array
+ target:
+ description: Target points to the resources that the patch document
+ should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources
+ from. Together with Version and Kind it is capable of
+ unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources from.
+ Together with Group and Version it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows the
+ label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources
+ from. Together with Group and Kind it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ - target
+ type: object
+ type: array
+ patchesStrategicMerge:
+ description: Strategic merge patches, defined as inline YAML objects.
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ path:
+ description: Path to the directory containing the kustomization.yaml
+ file, or the set of plain YAMLs a kustomization.yaml should be generated
+ for. Defaults to 'None', which translates to the root path of the
+ SourceRef.
+ type: string
+ postBuild:
+ description: PostBuild describes which actions to perform on the YAML
+ manifest generated by building the kustomize overlay.
+ properties:
+ substitute:
+ additionalProperties:
+ type: string
+ description: Substitute holds a map of key/value pairs. The variables
+ defined in your YAML manifests that match any of the keys defined
+ in the map will be substituted with the set value. Includes
+ support for bash string replacement functions e.g. ${var:=default},
+ ${var:position} and ${var/substring/replacement}.
+ type: object
+ substituteFrom:
+ description: SubstituteFrom holds references to ConfigMaps and
+ Secrets containing the variables and their values to be substituted
+ in the YAML manifests. The ConfigMap and the Secret data keys
+ represent the var names and they must match the vars declared
+ in the manifests for the substitution to happen.
+ items:
+ description: SubstituteReference contains a reference to a resource
+ containing the variables name and value.
+ properties:
+ kind:
+ description: Kind of the values referent, valid values are
+ ('Secret', 'ConfigMap').
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: Name of the values referent. Should reside
+ in the same namespace as the referring resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ type: object
+ prune:
+ description: Prune enables garbage collection.
+ type: boolean
+ retryInterval:
+ description: The interval at which to retry a previously failed reconciliation.
+ When not specified, the controller uses the KustomizationSpec.Interval
+ value to retry failures.
+ type: string
+ serviceAccountName:
+ description: The name of the Kubernetes service account to impersonate
+ when reconciling this Kustomization.
+ type: string
+ sourceRef:
+ description: Reference of the source where the kustomization file
+ is.
+ properties:
+ apiVersion:
+ description: API version of the referent
+ type: string
+ kind:
+ description: Kind of the referent
+ enum:
+ - GitRepository
+ - Bucket
+ type: string
+ name:
+ description: Name of the referent
+ type: string
+ namespace:
+ description: Namespace of the referent, defaults to the Kustomization
+ namespace
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend subsequent
+ kustomize executions, it does not apply to already started executions.
+ Defaults to false.
+ type: boolean
+ targetNamespace:
+ description: TargetNamespace sets or overrides the namespace in the
+ kustomization.yaml file.
+ maxLength: 63
+ minLength: 1
+ type: string
+ timeout:
+ description: Timeout for validation, apply and health checking operations.
+ Defaults to 'Interval' duration.
+ type: string
+ validation:
+ description: Validate the Kubernetes objects before applying them
+ on the cluster. The validation strategy can be 'client' (local dry-run),
+ 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
+ validation will fallback to 'client' if set to 'server' because
+ server-side validation is not supported in this scenario.
+ enum:
+ - none
+ - client
+ - server
+ type: string
+ required:
+ - interval
+ - prune
+ - sourceRef
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: KustomizationStatus defines the observed state of a kustomization.
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastAppliedRevision:
+ description: The last successfully applied revision. The revision
+ format for Git sources is <branch|tag>/<commit-sha>.
+ type: string
+ lastAttemptedRevision:
+ description: LastAttemptedRevision is the revision of the last reconciliation
+ attempt.
+ type: string
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last reconciled generation.
+ format: int64
+ type: integer
+ snapshot:
+ description: The last successfully applied revision metadata.
+ properties:
+ checksum:
+ description: The manifests sha1 checksum.
+ type: string
+ entries:
+ description: A list of Kubernetes kinds grouped by namespace.
+ items:
+ description: Snapshot holds the metadata of namespaced Kubernetes
+ objects
+ properties:
+ kinds:
+ additionalProperties:
+ type: string
+ description: The list of Kubernetes kinds.
+ type: object
+ namespace:
+ description: The namespace of this entry.
+ type: string
+ required:
+ - kinds
+ type: object
+ type: array
+ required:
+ - checksum
+ - entries
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ deprecated: true
+ deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Kustomization is the Schema for the kustomizations API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KustomizationSpec defines the configuration to calculate
+ the desired state from a Source using Kustomize.
+ properties:
+ commonMetadata:
+ description: CommonMetadata specifies the common labels and annotations
+ that are applied to all resources. Any existing label or annotation
+ will be overridden if its key matches a common one.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be added to the object's metadata.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be added to the object's metadata.
+ type: object
+ type: object
+ components:
+ description: Components specifies relative paths to specifications
+ of other Components.
+ items:
+ type: string
+ type: array
+ decryption:
+ description: Decrypt Kubernetes secrets before applying them on the
+ cluster.
+ properties:
+ provider:
+ description: Provider is the name of the decryption engine.
+ enum:
+ - sops
+ type: string
+ secretRef:
+ description: The secret name containing the private OpenPGP keys
+ used for decryption.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - provider
+ type: object
+ dependsOn:
+ description: DependsOn may contain a meta.NamespacedObjectReference
+ slice with references to Kustomization resources that must be ready
+ before this Kustomization can be reconciled.
+ items:
+ description: NamespacedObjectReference contains enough information
+ to locate the referenced Kubernetes resource object in any namespace.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, when not specified it
+ acts as LocalObjectReference.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ force:
+ default: false
+ description: Force instructs the controller to recreate resources
+ when patching fails due to an immutable field change.
+ type: boolean
+ healthChecks:
+ description: A list of resources to be included in the health assessment.
+ items:
+ description: NamespacedObjectKindReference contains enough information
+ to locate the typed referenced Kubernetes resource object in any
+ namespace.
+ properties:
+ apiVersion:
+ description: API version of the referent, if not specified the
+ Kubernetes preferred version will be used.
+ type: string
+ kind:
+ description: Kind of the referent.
+ type: string
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, when not specified it
+ acts as LocalObjectReference.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ images:
+ description: Images is a list of (image name, new name, new tag or
+ digest) for changing image names, tags or digests. This can also
+ be achieved with a patch, but this operator is simpler to specify.
+ items:
+ description: Image contains an image name, a new name, a new tag
+ or digest, which will replace the original name and tag.
+ properties:
+ digest:
+ description: Digest is the value used to replace the original
+ image tag. If digest is present NewTag value is ignored.
+ type: string
+ name:
+ description: Name is a tag-less image name.
+ type: string
+ newName:
+ description: NewName is the value used to replace the original
+ name.
+ type: string
+ newTag:
+ description: NewTag is the value used to replace the original
+ tag.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ interval:
+ description: The interval at which to reconcile the Kustomization.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ kubeConfig:
+ description: The KubeConfig for reconciling the Kustomization on a
+ remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
+ forces the controller to act on behalf of that Service Account at
+ the target cluster. If the --default-service-account flag is set,
+ its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
+ is empty.
+ properties:
+ secretRef:
+ description: SecretRef holds the name of a secret that contains
+ a key with the kubeconfig file as the value. If no key is set,
+ the key will default to 'value'. It is recommended that the
+ kubeconfig is self-contained, and the secret is regularly updated
+ if credentials such as a cloud-access-token expire. Cloud specific
+ `cmd-path` auth helpers will not function without adding binaries
+ and credentials to the Pod that is responsible for reconciling
+ Kubernetes resources.
+ properties:
+ key:
+ description: Key in the Secret, when not specified an implementation-specific
+ default key is used.
+ type: string
+ name:
+ description: Name of the Secret.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - secretRef
+ type: object
+ patches:
+ description: Strategic merge and JSON patches, defined as inline YAML
+ objects, capable of targeting objects based on kind, label and annotation
+ selectors.
+ items:
+ description: Patch contains an inline StrategicMerge or JSON6902
+ patch, and the target the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains an inline StrategicMerge patch or
+ an inline JSON6902 patch with an array of operation objects.
+ type: string
+ target:
+ description: Target points to the resources that the patch document
+ should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources
+ from. Together with Version and Kind it is capable of
+ unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources from.
+ Together with Group and Version it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows the
+ label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources
+ from. Together with Group and Kind it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ type: object
+ type: array
+ patchesJson6902:
+ description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
+ Use Patches instead.'
+ items:
+ description: JSON6902Patch contains a JSON6902 patch and the target
+ the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains the JSON6902 patch document with
+ an array of operation objects.
+ items:
+ description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
+ properties:
+ from:
+ description: From contains a JSON-pointer value that references
+ a location within the target document where the operation
+ is performed. The meaning of the value depends on the
+ value of Op, and is NOT taken into account by all operations.
+ type: string
+ op:
+ description: Op indicates the operation to perform. Its
+ value MUST be one of "add", "remove", "replace", "move",
+ "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
+ enum:
+ - test
+ - remove
+ - add
+ - replace
+ - move
+ - copy
+ type: string
+ path:
+ description: Path contains the JSON-pointer value that
+ references a location within the target document where
+ the operation is performed. The meaning of the value
+ depends on the value of Op.
+ type: string
+ value:
+ description: Value contains a valid JSON structure. The
+ meaning of the value depends on the value of Op, and
+ is NOT taken into account by all operations.
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - op
+ - path
+ type: object
+ type: array
+ target:
+ description: Target points to the resources that the patch document
+ should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources
+ from. Together with Version and Kind it is capable of
+ unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources from.
+ Together with Group and Version it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows the
+ label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources
+ from. Together with Group and Kind it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ - target
+ type: object
+ type: array
+ patchesStrategicMerge:
+ description: 'Strategic merge patches, defined as inline YAML objects.
+ Deprecated: Use Patches instead.'
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ path:
+ description: Path to the directory containing the kustomization.yaml
+ file, or the set of plain YAMLs a kustomization.yaml should be generated
+ for. Defaults to 'None', which translates to the root path of the
+ SourceRef.
+ type: string
+ postBuild:
+ description: PostBuild describes which actions to perform on the YAML
+ manifest generated by building the kustomize overlay.
+ properties:
+ substitute:
+ additionalProperties:
+ type: string
+ description: Substitute holds a map of key/value pairs. The variables
+ defined in your YAML manifests that match any of the keys defined
+ in the map will be substituted with the set value. Includes
+ support for bash string replacement functions e.g. ${var:=default},
+ ${var:position} and ${var/substring/replacement}.
+ type: object
+ substituteFrom:
+ description: SubstituteFrom holds references to ConfigMaps and
+ Secrets containing the variables and their values to be substituted
+ in the YAML manifests. The ConfigMap and the Secret data keys
+ represent the var names and they must match the vars declared
+ in the manifests for the substitution to happen.
+ items:
+ description: SubstituteReference contains a reference to a resource
+ containing the variables name and value.
+ properties:
+ kind:
+ description: Kind of the values referent, valid values are
+ ('Secret', 'ConfigMap').
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: Name of the values referent. Should reside
+ in the same namespace as the referring resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ optional:
+ default: false
+ description: Optional indicates whether the referenced resource
+ must exist, or whether to tolerate its absence. If true
+ and the referenced resource is absent, proceed as if the
+ resource was present but empty, without any variables
+ defined.
+ type: boolean
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ type: object
+ prune:
+ description: Prune enables garbage collection.
+ type: boolean
+ retryInterval:
+ description: The interval at which to retry a previously failed reconciliation.
+ When not specified, the controller uses the KustomizationSpec.Interval
+ value to retry failures.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ serviceAccountName:
+ description: The name of the Kubernetes service account to impersonate
+ when reconciling this Kustomization.
+ type: string
+ sourceRef:
+ description: Reference of the source where the kustomization file
+ is.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: Kind of the referent.
+ enum:
+ - OCIRepository
+ - GitRepository
+ - Bucket
+ type: string
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, defaults to the namespace
+ of the Kubernetes resource object that contains the reference.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend subsequent
+ kustomize executions, it does not apply to already started executions.
+ Defaults to false.
+ type: boolean
+ targetNamespace:
+ description: TargetNamespace sets or overrides the namespace in the
+ kustomization.yaml file.
+ maxLength: 63
+ minLength: 1
+ type: string
+ timeout:
+ description: Timeout for validation, apply and health checking operations.
+ Defaults to 'Interval' duration.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ validation:
+ description: 'Deprecated: Not used in v1beta2.'
+ enum:
+ - none
+ - client
+ - server
+ type: string
+ wait:
+ description: Wait instructs the controller to check the health of
+ all the reconciled resources. When enabled, the HealthChecks are
+ ignored. Defaults to false.
+ type: boolean
+ required:
+ - interval
+ - prune
+ - sourceRef
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: KustomizationStatus defines the observed state of a kustomization.
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ inventory:
+ description: Inventory contains the list of Kubernetes resource object
+ references that have been successfully applied.
+ properties:
+ entries:
+ description: Entries of Kubernetes resource object references.
+ items:
+ description: ResourceRef contains the information necessary
+ to locate a resource within a cluster.
+ properties:
+ id:
+ description: ID is the string representation of the Kubernetes
+ resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
+ type: string
+ v:
+ description: Version is the API version of the Kubernetes
+ resource object's kind.
+ type: string
+ required:
+ - id
+ - v
+ type: object
+ type: array
+ required:
+ - entries
+ type: object
+ lastAppliedRevision:
+ description: The last successfully applied revision. Equals the Revision
+ of the applied Artifact from the referenced Source.
+ type: string
+ lastAttemptedRevision:
+ description: LastAttemptedRevision is the revision of the last reconciliation
+ attempt.
+ type: string
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last reconciled generation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: kustomize-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: kustomize-controller
+ namespace: flux-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: kustomize-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ control-plane: controller
+ name: kustomize-controller
+ namespace: flux-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kustomize-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ labels:
+ app: kustomize-controller
+ spec:
+ containers:
+ - args:
+ - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/kustomize-controller:v1.1.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: kustomize-controller
+ terminationGracePeriodSeconds: 60
+ volumes:
+ - emptyDir: {}
+ name: temp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: helm-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: helmreleases.helm.toolkit.fluxcd.io
+spec:
+ group: helm.toolkit.fluxcd.io
+ names:
+ kind: HelmRelease
+ listKind: HelmReleaseList
+ plural: helmreleases
+ shortNames:
+ - hr
+ singular: helmrelease
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v2beta1
+ schema:
+ openAPIV3Schema:
+ description: HelmRelease is the Schema for the helmreleases API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmReleaseSpec defines the desired state of a Helm release.
+ properties:
+ chart:
+ description: Chart defines the template of the v1beta2.HelmChart that
+ should be created for this HelmRelease.
+ properties:
+ metadata:
+ description: ObjectMeta holds the template for metadata like labels
+ and annotations.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/'
+ type: object
+ type: object
+ spec:
+ description: Spec holds the template for the v1beta2.HelmChartSpec
+ for this HelmRelease.
+ properties:
+ chart:
+ description: The name or path the Helm chart is available
+ at in the SourceRef.
+ type: string
+ interval:
+ description: Interval at which to check the v1beta2.Source
+ for updates. Defaults to 'HelmReleaseSpec.Interval'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ reconcileStrategy:
+ default: ChartVersion
+ description: Determines what enables the creation of a new
+ artifact. Valid values are ('ChartVersion', 'Revision').
+ See the documentation of the values for an explanation on
+ their behavior. Defaults to ChartVersion when omitted.
+ enum:
+ - ChartVersion
+ - Revision
+ type: string
+ sourceRef:
+ description: The name and namespace of the v1beta2.Source
+ the chart is available at.
+ properties:
+ apiVersion:
+ description: APIVersion of the referent.
+ type: string
+ kind:
+ description: Kind of the referent.
+ enum:
+ - HelmRepository
+ - GitRepository
+ - Bucket
+ type: string
+ name:
+ description: Name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent.
+ maxLength: 63
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ valuesFile:
+ description: Alternative values file to use as the default
+ chart values, expected to be a relative path in the SourceRef.
+ Deprecated in favor of ValuesFiles, for backwards compatibility
+ the file defined here is merged before the ValuesFiles items.
+ Ignored when omitted.
+ type: string
+ valuesFiles:
+ description: Alternative list of values files to use as the
+ chart values (values.yaml is not included by default), expected
+ to be a relative path in the SourceRef. Values files are
+ merged in the order of this list with the last file overriding
+ the first. Ignored when omitted.
+ items:
+ type: string
+ type: array
+ verify:
+ description: Verify contains the secret name containing the
+ trusted public keys used to verify the signature and specifies
+ which provider to use to check whether OCI image is authentic.
+ This field is only supported for OCI sources. Chart dependencies,
+ which are not bundled in the umbrella chart artifact, are
+ not verified.
+ properties:
+ provider:
+ default: cosign
+ description: Provider specifies the technology used to
+ sign the OCI Helm chart.
+ enum:
+ - cosign
+ type: string
+ secretRef:
+ description: SecretRef specifies the Kubernetes Secret
+ containing the trusted public keys.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - provider
+ type: object
+ version:
+ default: '*'
+ description: Version semver expression, ignored for charts
+ from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
+ to latest when omitted.
+ type: string
+ required:
+ - chart
+ - sourceRef
+ type: object
+ required:
+ - spec
+ type: object
+ dependsOn:
+ description: DependsOn may contain a meta.NamespacedObjectReference
+ slice with references to HelmRelease resources that must be ready
+ before this HelmRelease can be reconciled.
+ items:
+ description: NamespacedObjectReference contains enough information
+ to locate the referenced Kubernetes resource object in any namespace.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, when not specified it
+ acts as LocalObjectReference.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ install:
+ description: Install holds the configuration for Helm install actions
+ for this HelmRelease.
+ properties:
+ crds:
+ description: "CRDs upgrade CRDs from the Helm Chart's crds directory
+ according to the CRD upgrade policy provided here. Valid values
+ are `Skip`, `Create` or `CreateReplace`. Default is `Create`
+ and if omitted CRDs are installed but not updated. \n Skip:
+ do neither install nor replace (update) any CRDs. \n Create:
+ new CRDs are created, existing CRDs are neither updated nor
+ deleted. \n CreateReplace: new CRDs are created, existing CRDs
+ are updated (replaced) but not deleted. \n By default, CRDs
+ are applied (installed) during Helm install action. With this
+ option users can opt-in to CRD replace existing CRDs on Helm
+ install actions, which is not (yet) natively supported by Helm.
+ https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
+ enum:
+ - Skip
+ - Create
+ - CreateReplace
+ type: string
+ createNamespace:
+ description: CreateNamespace tells the Helm install action to
+ create the HelmReleaseSpec.TargetNamespace if it does not exist
+ yet. On uninstall, the namespace will not be garbage collected.
+ type: boolean
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm install action.
+ type: boolean
+ disableOpenAPIValidation:
+ description: DisableOpenAPIValidation prevents the Helm install
+ action from validating rendered templates against the Kubernetes
+ OpenAPI Schema.
+ type: boolean
+ disableWait:
+ description: DisableWait disables the waiting for resources to
+ be ready after a Helm install has been performed.
+ type: boolean
+ disableWaitForJobs:
+ description: DisableWaitForJobs disables waiting for jobs to complete
+ after a Helm install has been performed.
+ type: boolean
+ remediation:
+ description: Remediation holds the remediation configuration for
+ when the Helm install action for the HelmRelease fails. The
+ default is to not perform any action.
+ properties:
+ ignoreTestFailures:
+ description: IgnoreTestFailures tells the controller to skip
+ remediation when the Helm tests are run after an install
+ action but fail. Defaults to 'Test.IgnoreFailures'.
+ type: boolean
+ remediateLastFailure:
+ description: RemediateLastFailure tells the controller to
+ remediate the last failure, when no retries remain. Defaults
+ to 'false'.
+ type: boolean
+ retries:
+ description: Retries is the number of retries that should
+ be attempted on failures before bailing. Remediation, using
+ an uninstall, is performed between each attempt. Defaults
+ to '0', a negative integer equals to unlimited retries.
+ type: integer
+ type: object
+ replace:
+ description: Replace tells the Helm install action to re-use the
+ 'ReleaseName', but only if that name is a deleted release which
+ remains in the history.
+ type: boolean
+ skipCRDs:
+ description: "SkipCRDs tells the Helm install action to not install
+ any CRDs. By default, CRDs are installed if not already present.
+ \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
+ instead."
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ interval:
+ description: Interval at which to reconcile the Helm release. This
+ interval is approximate and may be subject to jitter to ensure efficient
+ use of resources.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ kubeConfig:
+ description: KubeConfig for reconciling the HelmRelease on a remote
+ cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
+ forces the controller to act on behalf of that Service Account at
+ the target cluster. If the --default-service-account flag is set,
+ its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
+ is empty.
+ properties:
+ secretRef:
+ description: SecretRef holds the name of a secret that contains
+ a key with the kubeconfig file as the value. If no key is set,
+ the key will default to 'value'. It is recommended that the
+ kubeconfig is self-contained, and the secret is regularly updated
+ if credentials such as a cloud-access-token expire. Cloud specific
+ `cmd-path` auth helpers will not function without adding binaries
+ and credentials to the Pod that is responsible for reconciling
+ Kubernetes resources.
+ properties:
+ key:
+ description: Key in the Secret, when not specified an implementation-specific
+ default key is used.
+ type: string
+ name:
+ description: Name of the Secret.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - secretRef
+ type: object
+ maxHistory:
+ description: MaxHistory is the number of revisions saved by Helm for
+ this HelmRelease. Use '0' for an unlimited number of revisions;
+ defaults to '10'.
+ type: integer
+ persistentClient:
+ description: "PersistentClient tells the controller to use a persistent
+ Kubernetes client for this release. When enabled, the client will
+ be reused for the duration of the reconciliation, instead of being
+ created and destroyed for each (step of a) Helm action. \n This
+ can improve performance, but may cause issues with some Helm charts
+ that for example do create Custom Resource Definitions during installation
+ outside Helm's CRD lifecycle hooks, which are then not observed
+ to be available by e.g. post-install hooks. \n If not set, it defaults
+ to true."
+ type: boolean
+ postRenderers:
+ description: PostRenderers holds an array of Helm PostRenderers, which
+ will be applied in order of their definition.
+ items:
+ description: PostRenderer contains a Helm PostRenderer specification.
+ properties:
+ kustomize:
+ description: Kustomization to apply as PostRenderer.
+ properties:
+ images:
+ description: Images is a list of (image name, new name,
+ new tag or digest) for changing image names, tags or digests.
+ This can also be achieved with a patch, but this operator
+ is simpler to specify.
+ items:
+ description: Image contains an image name, a new name,
+ a new tag or digest, which will replace the original
+ name and tag.
+ properties:
+ digest:
+ description: Digest is the value used to replace the
+ original image tag. If digest is present NewTag
+ value is ignored.
+ type: string
+ name:
+ description: Name is a tag-less image name.
+ type: string
+ newName:
+ description: NewName is the value used to replace
+ the original name.
+ type: string
+ newTag:
+ description: NewTag is the value used to replace the
+ original tag.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ patches:
+ description: Strategic merge and JSON patches, defined as
+ inline YAML objects, capable of targeting objects based
+ on kind, label and annotation selectors.
+ items:
+ description: Patch contains an inline StrategicMerge or
+ JSON6902 patch, and the target the patch should be applied
+ to.
+ properties:
+ patch:
+ description: Patch contains an inline StrategicMerge
+ patch or an inline JSON6902 patch with an array
+ of operation objects.
+ type: string
+ target:
+ description: Target points to the resources that the
+ patch document should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that
+ follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select
+ resources from. Together with Version and Kind
+ it is capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources
+ from. Together with Group and Version it is
+ capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select
+ resources from. Together with Group and Kind
+ it is capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ type: object
+ type: array
+ patchesJson6902:
+ description: JSON 6902 patches, defined as inline YAML objects.
+ items:
+ description: JSON6902Patch contains a JSON6902 patch and
+ the target the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains the JSON6902 patch document
+ with an array of operation objects.
+ items:
+ description: JSON6902 is a JSON6902 operation object.
+ https://datatracker.ietf.org/doc/html/rfc6902#section-4
+ properties:
+ from:
+ description: From contains a JSON-pointer value
+ that references a location within the target
+ document where the operation is performed.
+ The meaning of the value depends on the value
+ of Op, and is NOT taken into account by all
+ operations.
+ type: string
+ op:
+ description: Op indicates the operation to perform.
+ Its value MUST be one of "add", "remove",
+ "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
+ enum:
+ - test
+ - remove
+ - add
+ - replace
+ - move
+ - copy
+ type: string
+ path:
+ description: Path contains the JSON-pointer
+ value that references a location within the
+ target document where the operation is performed.
+ The meaning of the value depends on the value
+ of Op.
+ type: string
+ value:
+ description: Value contains a valid JSON structure.
+ The meaning of the value depends on the value
+ of Op, and is NOT taken into account by all
+ operations.
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - op
+ - path
+ type: object
+ type: array
+ target:
+ description: Target points to the resources that the
+ patch document should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that
+ follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select
+ resources from. Together with Version and Kind
+ it is capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources
+ from. Together with Group and Version it is
+ capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select
+ resources from. Together with Group and Kind
+ it is capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ - target
+ type: object
+ type: array
+ patchesStrategicMerge:
+ description: Strategic merge patches, defined as inline
+ YAML objects.
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ type: object
+ type: object
+ type: array
+ releaseName:
+ description: ReleaseName used for the Helm release. Defaults to a
+ composition of '[TargetNamespace-]Name'.
+ maxLength: 53
+ minLength: 1
+ type: string
+ rollback:
+ description: Rollback holds the configuration for Helm rollback actions
+ for this HelmRelease.
+ properties:
+ cleanupOnFail:
+ description: CleanupOnFail allows deletion of new resources created
+ during the Helm rollback action when it fails.
+ type: boolean
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm rollback action.
+ type: boolean
+ disableWait:
+ description: DisableWait disables the waiting for resources to
+ be ready after a Helm rollback has been performed.
+ type: boolean
+ disableWaitForJobs:
+ description: DisableWaitForJobs disables waiting for jobs to complete
+ after a Helm rollback has been performed.
+ type: boolean
+ force:
+ description: Force forces resource updates through a replacement
+ strategy.
+ type: boolean
+ recreate:
+ description: Recreate performs pod restarts for the resource if
+ applicable.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ serviceAccountName:
+ description: The name of the Kubernetes service account to impersonate
+ when reconciling this HelmRelease.
+ type: string
+ storageNamespace:
+ description: StorageNamespace used for the Helm storage. Defaults
+ to the namespace of the HelmRelease.
+ maxLength: 63
+ minLength: 1
+ type: string
+ suspend:
+ description: Suspend tells the controller to suspend reconciliation
+ for this HelmRelease, it does not apply to already started reconciliations.
+ Defaults to false.
+ type: boolean
+ targetNamespace:
+ description: TargetNamespace to target when performing operations
+ for the HelmRelease. Defaults to the namespace of the HelmRelease.
+ maxLength: 63
+ minLength: 1
+ type: string
+ test:
+ description: Test holds the configuration for Helm test actions for
+ this HelmRelease.
+ properties:
+ enable:
+ description: Enable enables Helm test actions for this HelmRelease
+ after an Helm install or upgrade action has been performed.
+ type: boolean
+ ignoreFailures:
+ description: IgnoreFailures tells the controller to skip remediation
+ when the Helm tests are run but fail. Can be overwritten for
+ tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
+ and 'Upgrade.IgnoreTestFailures'.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation during the performance of a Helm test action. Defaults
+ to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a Helm
+ action. Defaults to '5m0s'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ uninstall:
+ description: Uninstall holds the configuration for Helm uninstall
+ actions for this HelmRelease.
+ properties:
+ deletionPropagation:
+ default: background
+ description: DeletionPropagation specifies the deletion propagation
+ policy when a Helm uninstall is performed.
+ enum:
+ - background
+ - foreground
+ - orphan
+ type: string
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm rollback action.
+ type: boolean
+ disableWait:
+ description: DisableWait disables waiting for all the resources
+ to be deleted after a Helm uninstall is performed.
+ type: boolean
+ keepHistory:
+ description: KeepHistory tells Helm to remove all associated resources
+ and mark the release as deleted, but retain the release history.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ upgrade:
+ description: Upgrade holds the configuration for Helm upgrade actions
+ for this HelmRelease.
+ properties:
+ cleanupOnFail:
+ description: CleanupOnFail allows deletion of new resources created
+ during the Helm upgrade action when it fails.
+ type: boolean
+ crds:
+ description: "CRDs upgrade CRDs from the Helm Chart's crds directory
+ according to the CRD upgrade policy provided here. Valid values
+ are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
+ if omitted CRDs are neither installed nor upgraded. \n Skip:
+ do neither install nor replace (update) any CRDs. \n Create:
+ new CRDs are created, existing CRDs are neither updated nor
+ deleted. \n CreateReplace: new CRDs are created, existing CRDs
+ are updated (replaced) but not deleted. \n By default, CRDs
+ are not applied during Helm upgrade action. With this option
+ users can opt-in to CRD upgrade, which is not (yet) natively
+ supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
+ enum:
+ - Skip
+ - Create
+ - CreateReplace
+ type: string
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm upgrade action.
+ type: boolean
+ disableOpenAPIValidation:
+ description: DisableOpenAPIValidation prevents the Helm upgrade
+ action from validating rendered templates against the Kubernetes
+ OpenAPI Schema.
+ type: boolean
+ disableWait:
+ description: DisableWait disables the waiting for resources to
+ be ready after a Helm upgrade has been performed.
+ type: boolean
+ disableWaitForJobs:
+ description: DisableWaitForJobs disables waiting for jobs to complete
+ after a Helm upgrade has been performed.
+ type: boolean
+ force:
+ description: Force forces resource updates through a replacement
+ strategy.
+ type: boolean
+ preserveValues:
+ description: PreserveValues will make Helm reuse the last release's
+ values and merge in overrides from 'Values'. Setting this flag
+ makes the HelmRelease non-declarative.
+ type: boolean
+ remediation:
+ description: Remediation holds the remediation configuration for
+ when the Helm upgrade action for the HelmRelease fails. The
+ default is to not perform any action.
+ properties:
+ ignoreTestFailures:
+ description: IgnoreTestFailures tells the controller to skip
+ remediation when the Helm tests are run after an upgrade
+ action but fail. Defaults to 'Test.IgnoreFailures'.
+ type: boolean
+ remediateLastFailure:
+ description: RemediateLastFailure tells the controller to
+ remediate the last failure, when no retries remain. Defaults
+ to 'false' unless 'Retries' is greater than 0.
+ type: boolean
+ retries:
+ description: Retries is the number of retries that should
+ be attempted on failures before bailing. Remediation, using
+ 'Strategy', is performed between each attempt. Defaults
+ to '0', a negative integer equals to unlimited retries.
+ type: integer
+ strategy:
+ description: Strategy to use for failure remediation. Defaults
+ to 'rollback'.
+ enum:
+ - rollback
+ - uninstall
+ type: string
+ type: object
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ values:
+ description: Values holds the values for this Helm release.
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFrom:
+ description: ValuesFrom holds references to resources containing Helm
+ values for this HelmRelease, and information about how they should
+ be merged.
+ items:
+ description: ValuesReference contains a reference to a resource
+ containing Helm values, and optionally the key they can be found
+ at.
+ properties:
+ kind:
+ description: Kind of the values referent, valid values are ('Secret',
+ 'ConfigMap').
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: Name of the values referent. Should reside in the
+ same namespace as the referring resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ optional:
+ description: Optional marks this ValuesReference as optional.
+ When set, a not found error for the values reference is ignored,
+ but any ValuesKey, TargetPath or transient error will still
+ result in a reconciliation failure.
+ type: boolean
+ targetPath:
+ description: TargetPath is the YAML dot notation path the value
+ should be merged at. When set, the ValuesKey is expected to
+ be a single flat value. Defaults to 'None', which results
+ in the values getting merged at the root.
+ maxLength: 250
+ pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$
+ type: string
+ valuesKey:
+ description: ValuesKey is the data key where the values.yaml
+ or a specific value can be found at. Defaults to 'values.yaml'.
+ When set, must be a valid Data Key, consisting of alphanumeric
+ characters, '-', '_' or '.'.
+ maxLength: 253
+ pattern: ^[\-._a-zA-Z0-9]+$
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - chart
+ - interval
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: HelmReleaseStatus defines the observed state of a HelmRelease.
+ properties:
+ conditions:
+ description: Conditions holds the conditions for the HelmRelease.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ failures:
+ description: Failures is the reconciliation failure count against
+ the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ helmChart:
+ description: HelmChart is the namespaced name of the HelmChart resource
+ created by the controller for the HelmRelease.
+ type: string
+ installFailures:
+ description: InstallFailures is the install failure count against
+ the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ lastAppliedRevision:
+ description: LastAppliedRevision is the revision of the last successfully
+ applied source.
+ type: string
+ lastAttemptedRevision:
+ description: LastAttemptedRevision is the revision of the last reconciliation
+ attempt.
+ type: string
+ lastAttemptedValuesChecksum:
+ description: LastAttemptedValuesChecksum is the SHA1 checksum of the
+ values of the last reconciliation attempt.
+ type: string
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ lastReleaseRevision:
+ description: LastReleaseRevision is the revision of the last successful
+ Helm release.
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ upgradeFailures:
+ description: UpgradeFailures is the upgrade failure count against
+ the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: helm-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: helm-controller
+ namespace: flux-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: helm-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ control-plane: controller
+ name: helm-controller
+ namespace: flux-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helm-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ labels:
+ app: helm-controller
+ spec:
+ containers:
+ - args:
+ - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/helm-controller:v0.36.2
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: helm-controller
+ terminationGracePeriodSeconds: 600
+ volumes:
+ - emptyDir: {}
+ name: temp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: alerts.notification.toolkit.fluxcd.io
+spec:
+ group: notification.toolkit.fluxcd.io
+ names:
+ kind: Alert
+ listKind: AlertList
+ plural: alerts
+ singular: alert
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Alert is the Schema for the alerts API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AlertSpec defines an alerting rule for events involving a
+ list of objects
+ properties:
+ eventSeverity:
+ default: info
+ description: Filter events based on severity, defaults to ('info').
+ If set to 'info' no events will be filtered.
+ enum:
+ - info
+ - error
+ type: string
+ eventSources:
+ description: Filter events based on the involved objects.
+ items:
+ description: CrossNamespaceObjectReference contains enough information
+ to let you locate the typed referenced object at cluster level
+ properties:
+ apiVersion:
+ description: API version of the referent
+ type: string
+ kind:
+ description: Kind of the referent
+ enum:
+ - Bucket
+ - GitRepository
+ - Kustomization
+ - HelmRelease
+ - HelmChart
+ - HelmRepository
+ - ImageRepository
+ - ImagePolicy
+ - ImageUpdateAutomation
+ - OCIRepository
+ type: string
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ name:
+ description: Name of the referent
+ maxLength: 53
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent
+ maxLength: 53
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ exclusionList:
+ description: A list of Golang regular expressions to be used for excluding
+ messages.
+ items:
+ type: string
+ type: array
+ providerRef:
+ description: Send events using this provider.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ summary:
+ description: Short description of the impact and affected cluster.
+ type: string
+ suspend:
+ description: This flag tells the controller to suspend subsequent
+ events dispatching. Defaults to false.
+ type: boolean
+ required:
+ - eventSources
+ - providerRef
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: AlertStatus defines the observed state of Alert
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Alert is the Schema for the alerts API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AlertSpec defines an alerting rule for events involving a
+ list of objects.
+ properties:
+ eventMetadata:
+ additionalProperties:
+ type: string
+ description: EventMetadata is an optional field for adding metadata
+ to events dispatched by the controller. This can be used for enhancing
+ the context of the event. If a field would override one already
+ present on the original event as generated by the emitter, then
+ the override doesn't happen, i.e. the original value is preserved,
+ and an info log is printed.
+ type: object
+ eventSeverity:
+ default: info
+ description: EventSeverity specifies how to filter events based on
+ severity. If set to 'info' no events will be filtered.
+ enum:
+ - info
+ - error
+ type: string
+ eventSources:
+ description: EventSources specifies how to filter events based on
+ the involved object kind, name and namespace.
+ items:
+ description: CrossNamespaceObjectReference contains enough information
+ to let you locate the typed referenced object at cluster level
+ properties:
+ apiVersion:
+ description: API version of the referent
+ type: string
+ kind:
+ description: Kind of the referent
+ enum:
+ - Bucket
+ - GitRepository
+ - Kustomization
+ - HelmRelease
+ - HelmChart
+ - HelmRepository
+ - ImageRepository
+ - ImagePolicy
+ - ImageUpdateAutomation
+ - OCIRepository
+ type: string
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed. MatchLabels requires the name to be set to `*`.
+ type: object
+ name:
+ description: Name of the referent If multiple resources are
+ targeted `*` may be set.
+ maxLength: 53
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent
+ maxLength: 53
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ exclusionList:
+ description: ExclusionList specifies a list of Golang regular expressions
+ to be used for excluding messages.
+ items:
+ type: string
+ type: array
+ inclusionList:
+ description: InclusionList specifies a list of Golang regular expressions
+ to be used for including messages.
+ items:
+ type: string
+ type: array
+ providerRef:
+ description: ProviderRef specifies which Provider this Alert should
+ use.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ summary:
+ description: Summary holds a short description of the impact and affected
+ cluster.
+ maxLength: 255
+ type: string
+ suspend:
+ description: Suspend tells the controller to suspend subsequent events
+ handling for this Alert.
+ type: boolean
+ required:
+ - eventSources
+ - providerRef
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: AlertStatus defines the observed state of the Alert.
+ properties:
+ conditions:
+ description: Conditions holds the conditions for the Alert.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: providers.notification.toolkit.fluxcd.io
+spec:
+ group: notification.toolkit.fluxcd.io
+ names:
+ kind: Provider
+ listKind: ProviderList
+ plural: providers
+ singular: provider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Provider is the Schema for the providers API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ProviderSpec defines the desired state of Provider
+ properties:
+ address:
+ description: HTTP/S webhook address of this provider
+ pattern: ^(http|https)://
+ type: string
+ certSecretRef:
+ description: CertSecretRef can be given the name of a secret containing
+ a PEM-encoded CA certificate (`caFile`)
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ channel:
+ description: Alert channel for this provider
+ type: string
+ proxy:
+ description: HTTP/S address of the proxy
+ pattern: ^(http|https)://
+ type: string
+ secretRef:
+ description: Secret reference containing the provider webhook URL
+ using "address" as data key
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend subsequent
+ events handling. Defaults to false.
+ type: boolean
+ timeout:
+ description: Timeout for sending alerts to the provider.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+ type: string
+ type:
+ description: Type of provider
+ enum:
+ - slack
+ - discord
+ - msteams
+ - rocket
+ - generic
+ - generic-hmac
+ - github
+ - gitlab
+ - bitbucket
+ - azuredevops
+ - googlechat
+ - webex
+ - sentry
+ - azureeventhub
+ - telegram
+ - lark
+ - matrix
+ - opsgenie
+ - alertmanager
+ - grafana
+ - githubdispatch
+ type: string
+ username:
+ description: Bot username for this provider
+ type: string
+ required:
+ - type
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: ProviderStatus defines the observed state of Provider
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration is the last reconciled generation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Provider is the Schema for the providers API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ProviderSpec defines the desired state of the Provider.
+ properties:
+ address:
+ description: Address specifies the endpoint, in a generic sense, to
+ where alerts are sent. What kind of endpoint depends on the specific
+ Provider type being used. For the generic Provider, for example,
+ this is an HTTP/S address. For other Provider types this could be
+ a project ID or a namespace.
+ maxLength: 2048
+ type: string
+ certSecretRef:
+ description: "CertSecretRef specifies the Secret containing a PEM-encoded
+ CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile`
+ key has been deprecated."
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ channel:
+ description: Channel specifies the destination channel where events
+ should be posted.
+ maxLength: 2048
+ type: string
+ interval:
+ description: Interval at which to reconcile the Provider with its
+ Secret references.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ proxy:
+ description: Proxy the HTTP/S address of the proxy server.
+ maxLength: 2048
+ pattern: ^(http|https)://.*$
+ type: string
+ secretRef:
+ description: SecretRef specifies the Secret containing the authentication
+ credentials for this Provider.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: Suspend tells the controller to suspend subsequent events
+ handling for this Provider.
+ type: boolean
+ timeout:
+ description: Timeout for sending alerts to the Provider.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+ type: string
+ type:
+ description: Type specifies which Provider implementation to use.
+ enum:
+ - slack
+ - discord
+ - msteams
+ - rocket
+ - generic
+ - generic-hmac
+ - github
+ - gitlab
+ - gitea
+ - bitbucket
+ - azuredevops
+ - googlechat
+ - googlepubsub
+ - webex
+ - sentry
+ - azureeventhub
+ - telegram
+ - lark
+ - matrix
+ - opsgenie
+ - alertmanager
+ - grafana
+ - githubdispatch
+ - pagerduty
+ - datadog
+ type: string
+ username:
+ description: Username specifies the name under which events are posted.
+ maxLength: 2048
+ type: string
+ required:
+ - type
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: ProviderStatus defines the observed state of the Provider.
+ properties:
+ conditions:
+ description: Conditions holds the conditions for the Provider.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last reconciled generation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: receivers.notification.toolkit.fluxcd.io
+spec:
+ group: notification.toolkit.fluxcd.io
+ names:
+ kind: Receiver
+ listKind: ReceiverList
+ plural: receivers
+ singular: receiver
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Receiver is the Schema for the receivers API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ReceiverSpec defines the desired state of the Receiver.
+ properties:
+ events:
+ description: Events specifies the list of event types to handle, e.g.
+ 'push' for GitHub or 'Push Hook' for GitLab.
+ items:
+ type: string
+ type: array
+ interval:
+ default: 10m
+ description: Interval at which to reconcile the Receiver with its
+ Secret references.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ resources:
+ description: A list of resources to be notified about changes.
+ items:
+ description: CrossNamespaceObjectReference contains enough information
+ to let you locate the typed referenced object at cluster level
+ properties:
+ apiVersion:
+ description: API version of the referent
+ type: string
+ kind:
+ description: Kind of the referent
+ enum:
+ - Bucket
+ - GitRepository
+ - Kustomization
+ - HelmRelease
+ - HelmChart
+ - HelmRepository
+ - ImageRepository
+ - ImagePolicy
+ - ImageUpdateAutomation
+ - OCIRepository
+ type: string
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed. MatchLabels requires the name to be set to `*`.
+ type: object
+ name:
+ description: Name of the referent If multiple resources are
+ targeted `*` may be set.
+ maxLength: 53
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent
+ maxLength: 53
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ secretRef:
+ description: SecretRef specifies the Secret containing the token used
+ to validate the payload authenticity.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: Suspend tells the controller to suspend subsequent events
+ handling for this receiver.
+ type: boolean
+ type:
+ description: Type of webhook sender, used to determine the validation
+ procedure and payload deserialization.
+ enum:
+ - generic
+ - generic-hmac
+ - github
+ - gitlab
+ - bitbucket
+ - harbor
+ - dockerhub
+ - quay
+ - gcr
+ - nexus
+ - acr
+ type: string
+ required:
+ - resources
+ - secretRef
+ - type
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: ReceiverStatus defines the observed state of the Receiver.
+ properties:
+ conditions:
+ description: Conditions holds the conditions for the Receiver.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation of
+ the Receiver object.
+ format: int64
+ type: integer
+ webhookPath:
+ description: WebhookPath is the generated incoming webhook address
+ in the format of '/hook/sha256sum(token+name+namespace)'.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ deprecated: true
+ deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Receiver is the Schema for the receivers API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ReceiverSpec defines the desired state of Receiver
+ properties:
+ events:
+ description: A list of events to handle, e.g. 'push' for GitHub or
+ 'Push Hook' for GitLab.
+ items:
+ type: string
+ type: array
+ resources:
+ description: A list of resources to be notified about changes.
+ items:
+ description: CrossNamespaceObjectReference contains enough information
+ to let you locate the typed referenced object at cluster level
+ properties:
+ apiVersion:
+ description: API version of the referent
+ type: string
+ kind:
+ description: Kind of the referent
+ enum:
+ - Bucket
+ - GitRepository
+ - Kustomization
+ - HelmRelease
+ - HelmChart
+ - HelmRepository
+ - ImageRepository
+ - ImagePolicy
+ - ImageUpdateAutomation
+ - OCIRepository
+ type: string
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ name:
+ description: Name of the referent
+ maxLength: 53
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent
+ maxLength: 53
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ secretRef:
+ description: Secret reference containing the token used to validate
+ the payload authenticity
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend subsequent
+ events handling. Defaults to false.
+ type: boolean
+ type:
+ description: Type of webhook sender, used to determine the validation
+ procedure and payload deserialization.
+ enum:
+ - generic
+ - generic-hmac
+ - github
+ - gitlab
+ - bitbucket
+ - harbor
+ - dockerhub
+ - quay
+ - gcr
+ - nexus
+ - acr
+ type: string
+ required:
+ - resources
+ - type
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: ReceiverStatus defines the observed state of Receiver
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
+ description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ deprecated: true
+ deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Receiver is the Schema for the receivers API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ReceiverSpec defines the desired state of the Receiver.
+ properties:
+ events:
+ description: Events specifies the list of event types to handle, e.g.
+ 'push' for GitHub or 'Push Hook' for GitLab.
+ items:
+ type: string
+ type: array
+ interval:
+ description: Interval at which to reconcile the Receiver with its
+ Secret references.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ resources:
+ description: A list of resources to be notified about changes.
+ items:
+ description: CrossNamespaceObjectReference contains enough information
+ to let you locate the typed referenced object at cluster level
+ properties:
+ apiVersion:
+ description: API version of the referent
+ type: string
+ kind:
+ description: Kind of the referent
+ enum:
+ - Bucket
+ - GitRepository
+ - Kustomization
+ - HelmRelease
+ - HelmChart
+ - HelmRepository
+ - ImageRepository
+ - ImagePolicy
+ - ImageUpdateAutomation
+ - OCIRepository
+ type: string
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed. MatchLabels requires the name to be set to `*`.
+ type: object
+ name:
+ description: Name of the referent If multiple resources are
+ targeted `*` may be set.
+ maxLength: 53
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent
+ maxLength: 53
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ secretRef:
+ description: SecretRef specifies the Secret containing the token used
+ to validate the payload authenticity.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: Suspend tells the controller to suspend subsequent events
+ handling for this receiver.
+ type: boolean
+ type:
+ description: Type of webhook sender, used to determine the validation
+ procedure and payload deserialization.
+ enum:
+ - generic
+ - generic-hmac
+ - github
+ - gitlab
+ - bitbucket
+ - harbor
+ - dockerhub
+ - quay
+ - gcr
+ - nexus
+ - acr
+ type: string
+ required:
+ - resources
+ - type
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: ReceiverStatus defines the observed state of the Receiver.
+ properties:
+ conditions:
+ description: Conditions holds the conditions for the Receiver.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation of
+ the Receiver object.
+ format: int64
+ type: integer
+ url:
+ description: 'URL is the generated incoming webhook address in the
+ format of ''/hook/sha256sum(token+name+namespace)''. Deprecated:
+ Replaced by WebhookPath.'
+ type: string
+ webhookPath:
+ description: WebhookPath is the generated incoming webhook address
+ in the format of '/hook/sha256sum(token+name+namespace)'.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ name: notification-controller
+ namespace: flux-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ control-plane: controller
+ name: notification-controller
+ namespace: flux-system
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: notification-controller
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ control-plane: controller
+ name: webhook-receiver
+ namespace: flux-system
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http-webhook
+ selector:
+ app: notification-controller
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/version: v2.1.2
+ control-plane: controller
+ name: notification-controller
+ namespace: flux-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: notification-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ labels:
+ app: notification-controller
+ spec:
+ containers:
+ - args:
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/notification-controller:v1.1.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9090
+ name: http
+ protocol: TCP
+ - containerPort: 9292
+ name: http-webhook
+ protocol: TCP
+ - containerPort: 8080
+ name: http-prom
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: notification-controller
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: temp
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/flux-system/gotk-sync.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/flux-system/gotk-sync.yaml
new file mode 100644
index 0000000..4346fee
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/flux-system/gotk-sync.yaml
@@ -0,0 +1,44 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: flux-system
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: main
+ secretRef:
+ name: flux-system
+ url: ${FLEET_REPO_URL}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: flux-system
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./clusters/${CLUSTER_KUSTOMIZATION_NAME}
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
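Review bot: The header `# This manifest was generated by flux. DO NOT EDIT.` no longer describes this file, because `url: ${FLEET_REPO_URL}` and `path: ./clusters/${CLUSTER_KUSTOMIZATION_NAME}` are placeholders, which makes it a hand-maintained template. A replacement such as `# Template based on the gotk-sync.yaml generated by flux; placeholders are substituted when the cluster is rendered.` would avoid confusion (the rendering step is presumed, it is not visible here). It would also tell the next maintainer that regenerating the file with flux overwrites the placeholders.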
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/flux-system/kustomization.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/flux-system/kustomization.yaml
new file mode 100644
index 0000000..705b72e
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/flux-system/kustomization.yaml
@@ -0,0 +1,22 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- gotk-components.yaml
+- gotk-sync.yaml
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/infra-configs.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/infra-configs.yaml
new file mode 100644
index 0000000..d2879eb
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/infra-configs.yaml
@@ -0,0 +1,49 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-configs
+ namespace: flux-system
+ labels:
+ osm_profile_type: infra-configs
+spec:
+ dependsOn:
+ - name: infra-controllers
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${INFRA_CONFIGS_PATH}
+ prune: true
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ # patches:
+ # - patch: |
+ # - op: replace
+ # path: /spec/acme/server
+ # value: https://acme-v02.api.letsencrypt.org/directory
+ # target:
+ # kind: ClusterIssuer
+ # name: letsencrypt
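Review bot: `infra-configs` is the only one of the three profile Kustomizations in this change without `wait: true` (infra-controllers.yaml and managed-resources.yaml both set it), yet managed-resources.yaml declares `dependsOn: infra-configs`. Without `wait` or `healthChecks`, the dependency is satisfied as soon as the manifests are applied, not when the objects they create are ready. If the ordering is meant to guarantee that the configs are in place first, add `wait: true` after `prune: true`; if not, a comment saying so would help. The commented-out `patches:` block for the `letsencrypt` ClusterIssuer looks like a leftover and could be dropped or explained.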
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/infra-controllers.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/infra-controllers.yaml
new file mode 100644
index 0000000..671afc8
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/infra-controllers.yaml
@@ -0,0 +1,40 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-controllers
+ namespace: flux-system
+ labels:
+ osm_profile_type: infra-controllers
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${INFRA_CONTROLLERS_PATH}
+ prune: true
+ wait: true
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/kustomization.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/kustomization.yaml
new file mode 100644
index 0000000..6e3c9af
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/kustomization.yaml
@@ -0,0 +1,36 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Repos
+ - fleet-repo.yaml
+ - sw-catalogs-repo.yaml
+
+ # Base cluster structure (CRDs, operators and their configs)
+ - infra-controllers.yaml
+ - infra-configs.yaml
+
+ # Managed resources
+ - managed-resources.yaml
+
+ # Managed apps
+ - apps.yaml
+
+ # Adds also the `flux-system` folder to preserve bootstrap structure
+ - flux-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/managed-resources.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/managed-resources.yaml
new file mode 100644
index 0000000..2d59cc9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/managed-resources.yaml
@@ -0,0 +1,52 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Namespace
+# apiVersion: v1
+# kind: Namespace
+# metadata:
+# name: managed-resources
+
+---
+# Managed resources
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: managed-resources
+ namespace: flux-system
+ labels:
+ osm_profile_type: managed-resources
+spec:
+ # interval: 10m0s
+ interval: 7m0s
+ dependsOn:
+ - name: infra-configs
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${MANAGED_RESOURCES_PATH}
+ prune: true
+ wait: true
+ # timeout: 5m0s
+ timeout: 7m0s
+ retryInterval: 2m0s
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
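Review bot: The commented-out alternatives `# interval: 10m0s` and `# timeout: 5m0s` sit next to the active `7m0s` values with no explanation, and the commented-out Namespace leaves an empty YAML document between the two `---` separators. Either remove them or add a short comment saying why 7m was chosen and why the Namespace is not created here, for example `# Namespace is created elsewhere` if that is the case.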
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/sw-catalogs-repo.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/sw-catalogs-repo.yaml
new file mode 100644
index 0000000..75bc138
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base/templates/sw-catalogs-repo.yaml
@@ -0,0 +1,30 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: sw-catalogs
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: main
+ secretRef:
+ name: sw-catalogs
+ url: ${SW_CATALOGS_REPO_URL}
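Review bot: The `sw-catalogs` GitRepository tracks `branch: main` without a `spec.verify` block, so source-controller accepts whatever commit is at the branch head; the same holds for the `flux-system` GitRepository in flux-system/gotk-sync.yaml. The Kustomizations in this change that build from `sw-catalogs` run with `prune: true`, so write access to the branch is effectively write access to the cluster. If commits in the internal repository are or can be signed, consider adding `verify:` with `mode: head` and a `secretRef` naming a Secret that holds the trusted public keys (`name: <signing-keys-secret>` as a placeholder). Otherwise, a comment stating that branch protection on the Git server is the control being relied on would make the trust boundary explicit.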
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/empty-kustomization/manifests/configmap/reference-cm.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/empty-kustomization/manifests/configmap/reference-cm.yaml
new file mode 100644
index 0000000..f038bd0
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/empty-kustomization/manifests/configmap/reference-cm.yaml
@@ -0,0 +1,25 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Template for creating remote ConfigMaps
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ${configmap_name}
+ namespace: ${configmap_namespace}
+data: {}
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/empty-kustomization/templates/kustomization-placeholder.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/empty-kustomization/templates/kustomization-placeholder.yaml
new file mode 100644
index 0000000..9742d3f
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/empty-kustomization/templates/kustomization-placeholder.yaml
@@ -0,0 +1,50 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Creates required remote namespaces
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ interval: 1m
+ timeout: 5m
+ prune: true
+ # force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/empty-kustomization/manifests/configmap
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: ${configmap_name}
+ namespace: ${configmap_namespace}
+ data:
+ kubeconfig: ${kubeconfig_secret_name}
+ # Inputs:
+ postBuild:
+ substitute:
+ configmap_name: imported-${CLUSTER_KUSTOMIZATION_NAME}
+ configmap_namespace: managed-resources
+ kubeconfig_secret_name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
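Review bot: This Kustomization is declared with `apiVersion: kustomize.toolkit.fluxcd.io/v1beta2`, while every other Flux Kustomization in this change uses `v1`; `apiVersion: kustomize.toolkit.fluxcd.io/v1` would keep them consistent and avoid depending on a deprecated API version. The leading comment, `# Creates required remote namespaces`, also does not match the body, which only patches a ConfigMap carrying the kubeconfig secret name. Something like `# Placeholder Kustomization: records the kubeconfig secret name for an imported cluster` would be closer, with the wording to be confirmed by the author.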
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/gke/manifests/gke.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/gke/manifests/gke.yaml
new file mode 100644
index 0000000..1677801
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/gke/manifests/gke.yaml
@@ -0,0 +1,91 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: container.gcp.upbound.io/v1beta1
+kind: NodePool
+metadata:
+ annotations:
+ meta.upbound.io/example-id: container/v1beta1/nodepool
+ labels:
+ testing.upbound.io/example-name: ${cluster_name}
+ name: nodepool-${cluster_resource_name}
+spec:
+ forProvider:
+ # Force K8s version
+ # version: '1.27'
+ clusterSelector:
+ matchLabels:
+ testing.upbound.io/example-name: ${cluster_name}
+ nodeConfig:
+ - machineType: ${vm_size}
+ oauthScopes:
+ - https://www.googleapis.com/auth/cloud-platform
+ preemptible: ${preemptible_nodes}
+ serviceAccountSelector:
+ matchLabels:
+ testing.upbound.io/example-name: ${cluster_name}
+ nodeCount: 1
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: container.gcp.upbound.io/v1beta1
+kind: Cluster
+metadata:
+ annotations:
+ meta.upbound.io/example-id: container/v1beta1/cluster
+ labels:
+ testing.upbound.io/example-name: ${cluster_name}
+ name: ${cluster_resource_name}
+spec:
+ forProvider:
+ initialNodeCount: 1
+ location: ${cluster_location}
+ # Force K8s version
+ minMasterVersion: '1.27'
+ removeDefaultNodePool: true
+ # To enable client authentication in GKE:
+ # See: <https://cloud.google.com/config-connector/docs/reference/resource-docs/container/containercluster>
+ masterAuth:
+ - clientCertificateConfig:
+ - issueClientCertificate: true
+ publishConnectionDetailsTo:
+ name: kubeconfig-${cluster_resource_name}
+ writeConnectionSecretToRef:
+ name: kubeconfig-${cluster_resource_name}
+ namespace: managed-resources
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: cloudplatform.gcp.upbound.io/v1beta1
+kind: ServiceAccount
+metadata:
+ annotations:
+ meta.upbound.io/example-id: container/v1beta1/nodepool
+ labels:
+ testing.upbound.io/example-name: ${cluster_name}
+ name: ${cluster_resource_name}
+spec:
+ forProvider:
+ displayName: Service Account for Cluster ${cluster_name}
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
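Review bot: `issueClientCertificate: true` under `masterAuth` turns on client-certificate authentication for the cluster, a long-lived credential that, as far as I know, can only be invalidated by rotating the cluster credentials. The comment above it says how to enable this but not why it is needed here. Presumably the kubeconfig published to `kubeconfig-${cluster_resource_name}` in `managed-resources` depends on it; please confirm and state it, e.g. `# Client certificate is needed for the kubeconfig in the connection secret`. Read access to that Secret should then be restricted accordingly, since whoever can read it holds the cluster credential. The `testing.upbound.io/example-name` labels and `meta.upbound.io/example-id` annotations look carried over from provider examples and could be renamed to project-owned keys.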
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/gke/templates/gke01.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/gke/templates/gke01.yaml
new file mode 100644
index 0000000..9eccda6
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/gke/templates/gke01.yaml
@@ -0,0 +1,99 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# TEMPLATE_PARAMETERS:
+# ===================
+#
+# CLUSTER_KUSTOMIZATION_NAME: Name of the cluster in the management cluster (e.g., for `Kustomization`s).
+# - Alternatively, it can be patched at:
+# .metadata.name
+# .metadata.labels.cluster
+# .spec.commonMetadata.labels.cluster
+#
+# PARAMETERS TO PATCH:
+# ===================
+#
+# .spec.postBuild.substitute.providerconfig_name: Name of the GCP ProviderConfig to use to create the GKE cluster.
+# .spec.postBuild.substitute.cluster_name: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
+# .spec.postBuild.substitute.k8s_version: Kubernetes version.
+# .spec.postBuild.substitute.node_count: Number of worker nodes.
+# .spec.postBuild.substitute.vm_size: Flavor of worker node VMs.
+# .spec.postBuild.substitute.cluster_location: Target cluster region.
+# .spec.postBuild.substitute.preemptible_nodes: (default: "false")
+
+# Cluster resource
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ commonMetadata:
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/gke/manifests
+ prune: true
+ # force: true
+ wait: true
+ patches:
+ - patch: |-
+ apiVersion: container.gcp.upbound.io/v1beta1
+ kind: NodePool
+ metadata:
+ name: nodepool-${cluster_resource_name}
+ spec:
+ forProvider:
+ version: "${k8s_version}"
+ nodeConfig:
+ - machineType: ${vm_size}
+ oauthScopes:
+ - https://www.googleapis.com/auth/cloud-platform
+ preemptible: ${preemptible_nodes}
+ serviceAccountSelector:
+ matchLabels:
+ testing.upbound.io/example-name: ${cluster_name}
+ nodeCount: ${node_count}
+ - patch: |-
+ apiVersion: container.gcp.upbound.io/v1beta1
+ kind: Cluster
+ metadata:
+ name: ${cluster_resource_name}
+ spec:
+ forProvider:
+ minMasterVersion: "${k8s_version}"
+ # Input parameters
+ postBuild:
+ substitute:
+ providerconfig_name: default
+ cluster_resource_name: ${CLUSTER_KUSTOMIZATION_NAME}
+ cluster_name: mygkecluster01
+ k8s_version: "'1.28'"
+ node_count: "1"
+ vm_size: e2-medium
+ cluster_location: europe-southwest1-a
+ # GKE only
+ preemptible_nodes: "false"
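Review bot: `k8s_version: "'1.28'"` carries a second pair of quotes inside the string, and nothing in the file says why. Presumably they keep the value substituted into `version: "${k8s_version}"` and `minMasterVersion: "${k8s_version}"` a YAML string rather than the float 1.28. If so, a comment such as `# Inner quotes keep the substituted version a string` next to it would stop someone from "fixing" it. The header also lists every substitute key except `cluster_resource_name`, which deserves a line under PARAMETERS TO PATCH as well.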
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/crossplane/providers/aws/templates/crossplane-providerconfig-aws.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/crossplane/providers/aws/templates/crossplane-providerconfig-aws.yaml
new file mode 100644
index 0000000..f4fa5b3
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/crossplane/providers/aws/templates/crossplane-providerconfig-aws.yaml
@@ -0,0 +1,37 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# PARAMETERS TO PATCH:
+# ===================
+#
+# .metadata.name: (default: "default") Name of the `ProviderConfig` for the cloud credentials.
+# .spec.credentials.secretRef.name: (default: "aws-creds") Name of the secret where the credentials are stored.
+
+# Default configuration for AWS provider for Crossplane
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: default
+spec:
+ credentials:
+ source: Secret
+ secretRef:
+ namespace: crossplane-system
+ name: aws-creds
+ key: creds
+
\ No newline at end of file
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/crossplane/providers/azure/templates/crossplane-providerconfig-azure.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/crossplane/providers/azure/templates/crossplane-providerconfig-azure.yaml
new file mode 100644
index 0000000..d557657
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/crossplane/providers/azure/templates/crossplane-providerconfig-azure.yaml
@@ -0,0 +1,36 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# PARAMETERS TO PATCH:
+# ===================
+#
+# .metadata.name: (default: "default") Name of the `ProviderConfig` for the cloud credentials.
+# .spec.credentials.secretRef.name: (default: "azure-creds") Name of the secret where the credentials are stored.
+
+# Default configuration for Azure provider for Crossplane
+apiVersion: azure.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: default
+spec:
+ credentials:
+ source: Secret
+ secretRef:
+ namespace: crossplane-system
+ name: azure-creds
+ key: creds
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/crossplane/providers/gcp/templates/crossplane-providerconfig-gcp.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/crossplane/providers/gcp/templates/crossplane-providerconfig-gcp.yaml
new file mode 100644
index 0000000..849753b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/crossplane/providers/gcp/templates/crossplane-providerconfig-gcp.yaml
@@ -0,0 +1,37 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# PARAMETERS TO PATCH:
+# ===================
+#
+# .metadata.name: (default: "default") Name of the `ProviderConfig` for the cloud credentials.
+# .spec.credentials.secretRef.name: (default: "gcp-creds") Name of the secret where the credentials are stored.
+
+# Default configuration for GCP provider for Crossplane
+apiVersion: gcp.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: default
+spec:
+ projectID: ${GCP_PROJECT}
+ credentials:
+ source: Secret
+ secretRef:
+ namespace: crossplane-system
+ name: gcp-creds
+ key: creds
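Review bot: The `PARAMETERS TO PATCH` header omits `.spec.projectID`, although the manifest carries `projectID: ${GCP_PROJECT}`, which is only a placeholder until something substitutes it. I would add a header line such as `# .spec.projectID: (no default) Target GCP project, rendered from ${GCP_PROJECT}.` so that users know the value must be supplied. How the substitution is done is not visible in this hunk, so the comment should name the tool or script that renders it.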
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/kubernetes-dashboard/templates/cluster-role-binding-dashboard.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/kubernetes-dashboard/templates/cluster-role-binding-dashboard.yaml
new file mode 100644
index 0000000..9bb21ab
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/kubernetes-dashboard/templates/cluster-role-binding-dashboard.yaml
@@ -0,0 +1,29 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: admin-user
+ namespace: kubernetes-dashboard
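Review bot: `roleRef.name: cluster-admin` gives the dashboard's `admin-user` ServiceAccount unrestricted control of the management cluster. In this change that cluster also holds the `sops-age` private key and the Crossplane cloud credentials, so a compromise of the dashboard or of this account's token exposes all of them. I would bind to the built-in `view` ClusterRole by default, or to a namespaced Role. If `cluster-admin` is kept for lab installs, a comment above the binding should say it is an explicit opt-in.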
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/kubernetes-dashboard/templates/sa-dashboard.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/kubernetes-dashboard/templates/sa-dashboard.yaml
new file mode 100644
index 0000000..51325a1
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/kubernetes-dashboard/templates/sa-dashboard.yaml
@@ -0,0 +1,22 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+ namespace: kubernetes-dashboard
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/kubernetes-dashboard/templates/secret-token-dashboard.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/kubernetes-dashboard/templates/secret-token-dashboard.yaml
new file mode 100644
index 0000000..d7c170c
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/kubernetes-dashboard/templates/secret-token-dashboard.yaml
@@ -0,0 +1,25 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: admin-user
+ namespace: kubernetes-dashboard
+ annotations:
+ kubernetes.io/service-account.name: "admin-user"
+type: kubernetes.io/service-account-token
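Review bot: A Secret of type `kubernetes.io/service-account-token` makes the control plane issue a token for `admin-user` that does not expire. It stays valid until the Secret or the ServiceAccount is deleted. Short-lived tokens from the TokenRequest API, e.g. `kubectl create token admin-user -n kubernetes-dashboard --duration=1h`, would limit the exposure if a token leaks. If the static Secret has to stay, a comment above it should state why and tell operators to rotate it by deleting and recreating the Secret.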
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/sa-and-role.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/sa-and-role.yaml
new file mode 100644
index 0000000..6170b65
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/sa-and-role.yaml
@@ -0,0 +1,87 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argo
+ namespace: osm-workflows
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argo-role
+ namespace: osm-workflows
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - secrets
+ - configmaps
+ - persistentvolumeclaims
+ - persistentvolumeclaims/finalizers
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - patch
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflowtaskresults
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argo-binding
+ namespace: osm-workflows
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argo-role
+subjects:
+- kind: ServiceAccount
+ name: argo
+ namespace: osm-workflows
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: default-binding
+ namespace: osm-workflows
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argo-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: osm-workflows
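Review bot: `default-binding` attaches `argo-role` to the namespace's `default` ServiceAccount, so every pod in `osm-workflows` that does not set `serviceAccountName` can create, get, patch and delete Secrets there. The workflow templates in this change read age private keys and cloud credentials through `secretKeyRef`, presumably from that same namespace. I would drop `default-binding` and have workflows run as `argo` explicitly. It is also worth checking whether workflow pods need write access to `secrets` and `pods` at all. As far as I know the Argo executor itself only needs `create`/`patch` on `workflowtaskresults`, so the broader rule could move to a separate Role bound only where it is used.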
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/clone-transform-push-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/clone-transform-push-wft.yaml
new file mode 100644
index 0000000..537753a
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/clone-transform-push-wft.yaml
@@ -0,0 +1,133 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: clone-transform-push-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Transformation template
+ - name: templateref_name
+ # value: debugging-wft
+ - name: templateref_template
+ # value: ls-command
+
+ entrypoint: main
+
+ templates:
+
+ # Main template
+ - name: main
+ inputs:
+ parameters:
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ - name: templateref_name
+ - name: templateref_template
+ steps:
+ - - name: generate-volume-repos
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-volume-repos.outputs.parameters.pvc-name}}'
+ - - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-volume-repos.outputs.parameters.pvc-name}}'
+ - - name: transform
+ templateRef:
+ name: "{{inputs.parameters.templateref_name}}"
+ template: "{{inputs.parameters.templateref_template}}"
+ arguments:
+ parameters:
+ - name: folder
+ value: "/repos"
+ - name: volume_name
+ value: '{{steps.generate-volume-repos.outputs.parameters.pvc-name}}'
+ - name: mount_path
+ value: "/repos"
+ # - - name: list-repo-files
+ # template: ls-command
+ # arguments:
+ # parameters:
+ # - name: folder
+ # value: "/repos"
+ # - name: volume_name
+ # value: '{{steps.generate-volume-repos.outputs.parameters.pvc-name}}'
+ # - name: mount_path
+ # value: "/repos"
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-volume-repos.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "My test commit message"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
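Review bot: The `push-to-fleet` step hard-codes `commit_message` as `"My test commit message"`, so every commit this template pushes to the fleet repo carries the same placeholder text. In a GitOps model the git history is the audit trail for changes to the clusters, so the message should come from the caller. Add `- name: commit_message` to `spec.arguments.parameters` and to the `main` inputs, and pass `value: "{{inputs.parameters.commit_message}}"` in this step.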
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cloud-accounts-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cloud-accounts-wft.yaml
new file mode 100644
index 0000000..18c739d
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cloud-accounts-wft.yaml
@@ -0,0 +1,267 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: cloud-accounts-wft
+ namespace: osm-workflows
+spec:
+ templates:
+
+ # Create a `ProviderConfig` for CrossPlane
+ - name: create-crossplane-providerconfig
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+
+ # Specific parameters
+ - name: providerconfig_name
+ ## As of today, one among `azure`, `aws` or `gcp`
+ - name: provider_type
+ ## Final secret to reference from the `ProviderConfig`
+ - name: cred_secret_name
+ ## Temporary secret with secret contents for the workflow
+ ## - If `temp_cred_secret_name` is empty, assumes that the final secret already exists
+ - name: temp_cred_secret_name
+ value: ""
+ - name: temp_cred_secret_key
+ value: "creds"
+ - name: age_public_key_mgmt
+ - name: osm_project_name
+ value: "osm_admin"
+ ## Specific parameters - GCP only
+ - name: target_gcp_project
+ value: ""
+ # Debug?
+ - name: debug
+ value: "false"
+
+ # Other parameters - Do not touch
+ - name: cred_secret_key
+ value: "creds"
+ - name: mgmt_cluster_name
+ value: "_management"
+ - name: cred_secret_ns
+ value: "crossplane-system"
+ - name: base_templates_path
+ value: "infra-configs/crossplane/providers"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: CRED_SECRET_CONTENT
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.temp_cred_secret_name}}"
+ key: "{{inputs.parameters.temp_cred_secret_key}}"
+ default: ""
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - create_crossplane_providerconfig
+ - "{{inputs.parameters.providerconfig_name}}"
+ - "{{inputs.parameters.provider_type}}"
+ - "{{inputs.parameters.cred_secret_name}}"
+ - "{{inputs.parameters.cred_secret_key}}"
+ - "{{inputs.parameters.cred_secret_ns}}"
+ - ''
+ - "{{inputs.parameters.age_public_key_mgmt}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ - "{{inputs.parameters.target_gcp_project}}"
+ - "{{inputs.parameters.base_templates_path}}"
+ - "{{inputs.parameters.osm_project_name}}"
+ - "{{inputs.parameters.mgmt_cluster_name}}"
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+ # Update a `ProviderConfig` for CrossPlane
+ - name: update-crossplane-providerconfig
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+
+ # Specific parameters
+ - name: providerconfig_name
+ ## As of today, one among `azure`, `aws` or `gcp`
+ - name: provider_type
+ ## Final secret to reference from the `ProviderConfig`
+ - name: cred_secret_name
+ ## Temporary secret with secret contents for the workflow
+ ## - If `temp_cred_secret_name` is empty, assumes that the final secret already exists
+ - name: temp_cred_secret_name
+ value: ""
+ - name: temp_cred_secret_key
+ value: "creds"
+ - name: age_public_key_mgmt
+ - name: osm_project_name
+ value: "osm_admin"
+ ## Specific parameters - GCP only
+ - name: target_gcp_project
+ value: ""
+ # Debug?
+ - name: debug
+ value: "false"
+
+ # Other parameters - Do not touch
+ - name: cred_secret_key
+ value: "creds"
+ - name: mgmt_cluster_name
+ value: "_management"
+ - name: cred_secret_ns
+ value: "crossplane-system"
+ - name: base_templates_path
+ value: "infra-configs/crossplane/providers"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: CRED_SECRET_CONTENT
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.temp_cred_secret_name}}"
+ key: "{{inputs.parameters.temp_cred_secret_key}}"
+ default: ""
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - update_crossplane_providerconfig
+ - "{{inputs.parameters.providerconfig_name}}"
+ - "{{inputs.parameters.provider_type}}"
+ - "{{inputs.parameters.cred_secret_name}}"
+ - "{{inputs.parameters.cred_secret_key}}"
+ - "{{inputs.parameters.cred_secret_ns}}"
+ - ''
+ - "{{inputs.parameters.age_public_key_mgmt}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ - "{{inputs.parameters.target_gcp_project}}"
+ - "{{inputs.parameters.base_templates_path}}"
+ - "{{inputs.parameters.osm_project_name}}"
+ - "{{inputs.parameters.mgmt_cluster_name}}"
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+
+ # Delete a `ProviderConfig` for CrossPlane
+ - name: delete-crossplane-providerconfig
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+
+ # Specific parameters
+ - name: providerconfig_name
+ ## As of today, one among `azure`, `aws` or `gcp`
+ - name: provider_type
+ - name: osm_project_name
+ value: "osm_admin"
+ # Debug?
+ - name: debug
+ value: "false"
+
+ # Other parameters - Do not touch
+ - name: mgmt_cluster_name
+ value: "_management"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - delete_crossplane_providerconfig
+ - "{{inputs.parameters.providerconfig_name}}"
+ - "{{inputs.parameters.provider_type}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - "{{inputs.parameters.osm_project_name}}"
+ - "{{inputs.parameters.mgmt_cluster_name}}"
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
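Review bot: All three templates run `image: ttl.sh/osm-krm-functions:24h`, and ttl.sh is an anonymous, ephemeral registry: the tag expires after 24 hours and anyone can push an image under that name. The container receives `CRED_SECRET_CONTENT` (cloud credentials) and has the cloned fleet repo mounted, so whoever controls that tag controls what is written to the management cluster's source of truth. The image should come from a registry the project controls and be pinned by digest, e.g. `image: <project-registry>/osm-krm-functions@sha256:<digest>` (placeholders). The same image line is used by the templates in `cluster-management-wft.yaml`, where the container is given `PRIVATE_KEY_NEW_CLUSTER`.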
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml
new file mode 100644
index 0000000..f70c676
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml
@@ -0,0 +1,480 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: cluster-management-wft
+ namespace: osm-workflows
+spec:
+ templates:
+
+ # Create a PaaS cluster using CrossPlane (any cloud)
+ - name: create-crossplane-cluster
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: cluster_name
+ ## As of today, one among `aks`, `eks` or `gke`:
+ - name: cluster_type
+ - name: providerconfig_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: k8s_version
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ value: "agekey"
+ - name: fleet_repo_url
+ - name: sw_catalogs_repo_url
+ - name: mgmt_project_name
+ value: "osm_admin"
+ ## Do we want to skip OSM's bootstrap?
+ - name: skip_bootstrap
+ value: "false"
+ ## AKS only (otherwise, empty)
+ - name: rg_name
+ values: ""
+ ## GKE only (otherwise, empty)
+ - name: preemptible_nodes
+ values: "false"
+ # Other parameters - Recommended to keep defaults
+ - name: mgmt_cluster_name
+ value: "_management"
+ - name: base_templates_path
+ value: "cloud-resources"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+ # Debug?
+ - name: debug
+ value: "false"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: PRIVATE_KEY_NEW_CLUSTER
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.secret_name_private_age_key_for_new_cluster}}"
+ key: "{{inputs.parameters.key_name_in_secret}}"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - create_crossplane_cluster
+ - "{{inputs.parameters.cluster_kustomization_name}}"
+ - "{{inputs.parameters.cluster_name}}"
+ - "{{inputs.parameters.cluster_type}}"
+ - "{{inputs.parameters.providerconfig_name}}"
+ - "{{inputs.parameters.vm_size}}"
+ - "{{inputs.parameters.node_count}}"
+ - "{{inputs.parameters.cluster_location}}"
+ - "{{inputs.parameters.k8s_version}}"
+ - "{{inputs.parameters.public_key_mgmt}}"
+ - "{{inputs.parameters.public_key_new_cluster}}"
+ - ''
+ - "{{inputs.parameters.rg_name}}"
+ - "{{inputs.parameters.preemptible_nodes}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - "{{inputs.parameters.fleet_repo_url}}"
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ - "{{inputs.parameters.sw_catalogs_repo_url}}"
+ - "{{inputs.parameters.skip_bootstrap}}"
+ - "{{inputs.parameters.mgmt_project_name}}"
+ - "{{inputs.parameters.mgmt_cluster_name}}"
+ - "{{inputs.parameters.base_templates_path}}"
+
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
+
+
+ # Update a PaaS cluster created using CrossPlane (any cloud)
+ - name: update-crossplane-cluster
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: cluster_name
+ ## As of today, one among `aks`, `eks` or `gke`:
+ - name: cluster_type
+ - name: providerconfig_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: k8s_version
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ value: "agekey"
+ - name: fleet_repo_url
+ - name: sw_catalogs_repo_url
+ - name: mgmt_project_name
+ value: "osm_admin"
+ ## AKS only (otherwise, empty)
+ - name: rg_name
+ values: ""
+ ## GKE only (otherwise, empty)
+ - name: preemptible_nodes
+ values: "false"
+ # Other parameters - Recommended to keep defaults
+ - name: mgmt_cluster_name
+ value: "_management"
+ - name: base_templates_path
+ value: "cloud-resources"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+ # Debug?
+ - name: debug
+ value: "false"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: PRIVATE_KEY_NEW_CLUSTER
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.secret_name_private_age_key_for_new_cluster}}"
+ key: "{{inputs.parameters.key_name_in_secret}}"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - update_crossplane_cluster
+ - "{{inputs.parameters.cluster_kustomization_name}}"
+ - "{{inputs.parameters.cluster_name}}"
+ - "{{inputs.parameters.cluster_type}}"
+ - "{{inputs.parameters.providerconfig_name}}"
+ - "{{inputs.parameters.vm_size}}"
+ - "{{inputs.parameters.node_count}}"
+ - "{{inputs.parameters.cluster_location}}"
+ - "{{inputs.parameters.k8s_version}}"
+ - "{{inputs.parameters.public_key_mgmt}}"
+ - "{{inputs.parameters.public_key_new_cluster}}"
+ - ''
+ - "{{inputs.parameters.rg_name}}"
+ - "{{inputs.parameters.preemptible_nodes}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - "{{inputs.parameters.fleet_repo_url}}"
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ - "{{inputs.parameters.sw_catalogs_repo_url}}"
+ ## Note that during upgrades, OSM's bootstrap is avoided:
+ - "true"
+ - "{{inputs.parameters.mgmt_project_name}}"
+ - "{{inputs.parameters.mgmt_cluster_name}}"
+ - "{{inputs.parameters.base_templates_path}}"
+
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
+
+
+ # TODO: Deprecated - To be removed
+ # Create a PaaS cluster in Azure
+ - name: create-cluster-aks
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+
+ # Specific parameters
+ - name: cluster_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: rg_name
+ - name: k8s_version
+ - name: providerconfig_name
+ - name: cluster_kustomization_name
+ - name: mgmt_project_name
+ value: "osm_admin"
+
+ # Other parameters - Recommended to keep defaults
+ - name: fleet_repo_dir
+ value: "/fleet/fleet-osm/"
+ - name: sw_catalogs_repo_dir
+ value: "/sw-catalogs/sw-catalogs-osm/"
+ - name: target_folder
+ value: "{{inputs.parameters.fleet_repo_dir}}/{{inputs.parameters.mgmt_project_name}}/managed-resources/_management"
+ - name: manifest_filename
+ value: "{{inputs.parameters.cluster_name}}.yaml"
+ - name: templates
+ value: "{{inputs.parameters.sw_catalogs_repo_dir}}/cloud-resources/aks/templates/"
+ - name: template_manifest_filename
+ value: "aks01.yaml"
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ # securityContext:
+ # runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - create_cluster_aks
+ - "{{inputs.parameters.cluster_name}}"
+ - "{{inputs.parameters.vm_size}}"
+ - "{{inputs.parameters.node_count}}"
+ - "{{inputs.parameters.cluster_location}}"
+ - "{{inputs.parameters.rg_name}}"
+ - "{{inputs.parameters.k8s_version}}"
+ - "{{inputs.parameters.providerconfig_name}}"
+ - "{{inputs.parameters.cluster_kustomization_name}}"
+ - "{{inputs.parameters.target_folder}}"
+ - "{{inputs.parameters.manifest_filename}}"
+ - "{{inputs.parameters.templates}}"
+ - "{{inputs.parameters.template_manifest_filename}}"
+
+
+ # Bootstrap remote cluster running in **ANY cloud**
+ - name: bootstrap-remote-cluster
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+
+ # Specific parameters
+ - name: cluster_name
+ - name: cluster_kustomization_name
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ value: "agekey"
+ - name: fleet_repo_url
+ - name: sw_catalogs_repo_url
+
+ # Other parameters - Recommended to keep defaults
+ - name: mgmt_project_name
+ value: "osm_admin"
+ - name: imported_cluster
+ value: "false"
+ - name: fleet_repo_dir
+ value: "/fleet/fleet-osm/"
+ - name: sw_catalogs_repo_dir
+ value: "/sw-catalogs/sw-catalogs-osm/"
+
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: PRIVATE_KEY_NEW_CLUSTER
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.secret_name_private_age_key_for_new_cluster}}"
+ key: "{{inputs.parameters.key_name_in_secret}}"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - create_bootstrap_for_remote_cluster
+ - "{{inputs.parameters.cluster_name}}"
+ - "{{inputs.parameters.cluster_kustomization_name}}"
+ - "{{inputs.parameters.fleet_repo_dir}}"
+ - "{{inputs.parameters.sw_catalogs_repo_dir}}"
+ - "{{inputs.parameters.fleet_repo_url}}"
+ - "{{inputs.parameters.sw_catalogs_repo_url}}"
+ - "{{inputs.parameters.mgmt_project_name}}"
+ - "{{inputs.parameters.public_key_mgmt}}"
+ - "{{inputs.parameters.public_key_new_cluster}}"
+ - ''
+ - "{{inputs.parameters.imported_cluster}}"
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
+
+
+ # Disconnect Flux in remote cluster running in **ANY cloud**
+ - name: disconnect-flux-remote-cluster
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: mgmt_project_name
+ value: "osm_admin"
+
+ # Other parameters - Recommended to keep defaults
+ - name: fleet_repo_dir
+ value: "/fleet/fleet-osm/"
+
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - disconnect_flux_remote_cluster
+ - "{{inputs.parameters.cluster_kustomization_name}}"
+ - "{{inputs.parameters.fleet_repo_dir}}"
+ - "{{inputs.parameters.mgmt_project_name}}"
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ securityContext:
+ runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
+
+
+ # Delete cluster from **ANY** cloud
+ - name: delete-cluster
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: project_name
+ value: "osm_admin"
+
+ # Other parameters - Recommended to keep defaults
+ - name: fleet_repo_dir
+ value: "/fleet/fleet-osm/"
+ - name: mgmt_resources_dir
+ value: "{{inputs.parameters.fleet_repo_dir}}/{{inputs.parameters.project_name}}/managed-resources/_management"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - delete_remote_cluster
+ - "{{inputs.parameters.cluster_kustomization_name}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.fleet_repo_dir}}"
+ - "{{inputs.parameters.mgmt_resources_dir}}"
+
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ securityContext:
+ runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/debugging-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/debugging-wft.yaml
new file mode 100644
index 0000000..5d4d164
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/debugging-wft.yaml
@@ -0,0 +1,107 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: debugging-wft
+ namespace: osm-workflows
+
+spec:
+ templates:
+ # Leaf templates
+ - name: ls-command
+ inputs:
+ parameters:
+ - name: volume_name
+ - name: folder
+ - name: mount_path
+ volumes:
+ - name: shared-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.volume_name}}'
+ script:
+ image: alpine:3.20
+ volumeMounts:
+ - name: shared-volume
+ mountPath: "{{inputs.parameters.mount_path}}"
+ command: ["sh"]
+ source: |
+ ls -laR "{{inputs.parameters.folder}}"
+ - name: find-command
+ inputs:
+ parameters:
+ - name: volume_name
+ - name: folder
+ - name: mount_path
+ volumes:
+ - name: shared-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.volume_name}}'
+ script:
+ image: alpine:3.20
+ volumeMounts:
+ - name: shared-volume
+ mountPath: "{{inputs.parameters.mount_path}}"
+ command: ["sh"]
+ source: |
+ find "{{inputs.parameters.folder}}"
+ - name: echo-command
+ inputs:
+ parameters:
+ - name: message
+ script:
+ image: alpine:3.20
+ command: ["sh"]
+ source: |
+ echo "{{inputs.parameters.message}}"
+ - name: cat-command
+ inputs:
+ parameters:
+ - name: volume_name
+ - name: mount_path
+ - name: filename
+ volumes:
+ - name: shared-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.volume_name}}'
+ script:
+ image: alpine:3.20
+ volumeMounts:
+ - name: shared-volume
+ mountPath: "{{inputs.parameters.mount_path}}"
+ command: ["sh"]
+ source: |
+ cat '{{inputs.parameters.filename}}'
+ - name: touch-command
+ inputs:
+ parameters:
+ - name: volume_name
+ - name: mount_path
+ - name: filename
+ volumes:
+ - name: shared-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.volume_name}}'
+ script:
+ image: alpine:3.20
+ volumeMounts:
+ - name: shared-volume
+ mountPath: "{{inputs.parameters.mount_path}}"
+ command: ["sh"]
+ source: |
+ touch "{{inputs.parameters.filename}}"
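Review bot: Each `source:` script in this file has its parameter spliced into the shell text before `sh` runs (`ls -laR "{{inputs.parameters.folder}}"`, `echo "{{inputs.parameters.message}}"`, `cat '{{inputs.parameters.filename}}'`), so a value containing a quote, `$(...)` or a backtick is parsed as shell code rather than data. Argo substitutes these tags textually, so the quotes written in the script do not protect it. Passing the value through the container environment keeps it as data: add `env: [{name: FOLDER, value: "{{inputs.parameters.folder}}"}]` under `script:` and run `ls -laR -- "${FOLDER}"`, and likewise for the other four templates. The same pattern appears in git-wft.yaml at `FULL_URL="{{inputs.parameters.repo_url}}"` and `COMMIT_MESSAGE="{{inputs.parameters.commit_message}}"`, where a commit message containing a double quote is enough to break the script.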
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/git-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/git-wft.yaml
new file mode 100644
index 0000000..568a2dd
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/git-wft.yaml
@@ -0,0 +1,173 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: git-wft
+ namespace: osm-workflows
+spec:
+ templates:
+
+ - name: git-clone
+ inputs:
+ parameters:
+ - name: repo_url
+ - name: destination_folder
+ - name: git_cred_secret
+ - name: git_volume_name
+ - name: mount_path
+ volumes:
+ - name: repos-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.git_volume_name}}'
+ script:
+ image: alpine/git:2.45.1
+ env:
+ - name: GIT_USER
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.git_cred_secret}}"
+ key: username
+ - name: GIT_PASS
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.git_cred_secret}}"
+ key: password
+ volumeMounts:
+ - name: repos-volume
+ mountPath: '{{inputs.parameters.mount_path}}'
+ command: ["sh"]
+ source: |
+ FULL_URL="{{inputs.parameters.repo_url}}"
+ DESTINATION="{{inputs.parameters.destination_folder}}"
+ CLONE_URL=""
+
+ echo "Cloning: ${FULL_URL} . . ."
+
+ [[ -n "${DESTINATION}" ]] && mkdir -p "${DESTINATION}"
+
+ # Determine final clone URL
+ if [[ -z "${GIT_USER}" ]]; then
+ CLONE_URL="${FULL_URL}"
+ elif [[ -n "${GIT_PASS}" ]]; then
+ PROTOCOL=$(echo "${FULL_URL}" | awk -F '://' '{print $1}')
+ BASE_URL=$(echo "${FULL_URL}" | awk -F '://' '{print $2}')
+ CLONE_URL="${PROTOCOL}://${GIT_USER}@${BASE_URL}"
+ else
+ echo "ERROR: Malformed invocation."
+ echo " FULL_URL=${FULL_URL}"
+ echo " GIT_USER=${GIT_USER}"
+ echo " DESTINATION=${DESTINATION}"
+ exit 1
+ fi
+
+ # Clone
+ mkdir -p /repos
+ cd /repos
+ if [[ -z "${DESTINATION}" ]]; then
+ echo -e "${GIT_PASS}\n" | git clone "${CLONE_URL}"
+ else
+ echo -e "${GIT_PASS}\n" | git clone "${CLONE_URL}" "${DESTINATION}"
+ fi
+
+ - name: git-commit-merge-push
+ inputs:
+ parameters:
+ - name: repo_folder
+ - name: git_cred_secret
+ - name: git_volume_name
+ - name: mount_path
+ - name: commit_message
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: false
+ volumes:
+ - name: repos-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.git_volume_name}}'
+ script:
+ image: alpine/git:2.45.1
+ env:
+ - name: GIT_USER
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.git_cred_secret}}"
+ key: username
+ - name: GIT_PASS
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.git_cred_secret}}"
+ key: password
+ volumeMounts:
+ - name: repos-volume
+ mountPath: '{{inputs.parameters.mount_path}}'
+ command: ["sh"]
+ source: |
+ DESTINATION="{{inputs.parameters.repo_folder}}"
+ COMMIT_MESSAGE="{{inputs.parameters.commit_message}}"
+ CONTRIB_BRANCH="{{inputs.parameters.contrib_branch}}"
+ MAIN_BRANCH="{{inputs.parameters.main_branch}}"
+ DRY_RUN="{{inputs.parameters.dry_run}}"
+
+ # Go to the repo folder
+ cd "${DESTINATION}"
+
+ # Setup global Git user and email
+ echo "Setting up global Git user and e-mail..."
+ git config --global user.name "${GIT_USER}"
+ git config --global user.email "${GIT_USER}@${GIT_USER}.local"
+
+ # Create contrib branch
+ echo "Creating ${CONTRIB_BRANCH} branch into ${DESTINATION}..."
+ git checkout -b ${CONTRIB_BRANCH}
+
+ # Creating commit
+ git status
+ git add -A
+ git commit -m "Operation ${CONTRIB_BRANCH}: ${COMMIT_MESSAGE}"
+
+ # Pull and merge branch
+ git checkout ${MAIN_BRANCH}
+ echo "Pulling latest commits from ${MAIN_BRANCH} branch (if any)..."
+ echo -e "${GIT_PASS}\n" | git pull
+
+ echo "Merging branch ${CONTRIB_BRANCH} onto ${MAIN_BRANCH}..."
+ git merge --no-ff "${CONTRIB_BRANCH}"
+
+ if [[ "${DRY_RUN}" != "true" ]]
+ then
+ echo "Pushing..."
+ cat << "EOF" > "${HOME}/git-creds.sh"
+ #!/bin/sh
+ if echo "$1" | grep -q '^Password'; then
+ echo "${GIT_PASS}"
+ else
+ echo "${GIT_USER}"
+ fi
+ exit 0
+ EOF
+
+ chmod +x "${HOME}/git-creds.sh"
+ TTY=$(tty) GIT_USERNAME="${GIT_USER}" GIT_ASKPASS=~/git-creds.sh git push origin "${MAIN_BRANCH}"
+
+ else
+ echo "DRY RUN - NO PUSH"
+ fi
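Review bot: Neither `source:` script sets `set -e`, so in `git-commit-merge-push` a failed `cd "${DESTINATION}"`, a failed `git pull` or a conflicted `git merge --no-ff` still falls through to `git push origin "${MAIN_BRANCH}"`, and the step reports the status of its last command rather than of the one that failed. Starting both scripts with `set -e` would stop at the first failure; `git commit` returns non-zero when there is nothing to commit, so that case needs an explicit decision. `git checkout -b ${CONTRIB_BRANCH}` and `git checkout ${MAIN_BRANCH}` should quote the branch name as the later `git merge` line does. The clone and pull feed the password with `echo -e "${GIT_PASS}\n" |`, which interprets backslash sequences in the password and, as far as I can tell, is not where git reads credentials from when it prompts; reusing the `GIT_ASKPASS` helper that the push already writes would make the three operations consistent.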
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/k8s-resources-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/k8s-resources-wft.yaml
new file mode 100644
index 0000000..1c0dfeb
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/k8s-resources-wft.yaml
@@ -0,0 +1,48 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: k8s-resources-wft
+ namespace: osm-workflows
+spec:
+ templates:
+
+ - name: generate-volume
+ serviceAccountName: argo
+ inputs:
+ parameters:
+ - name: pvc-size
+ resource:
+ action: create
+ setOwnerReference: true
+ manifest: |
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ generateName: pvc-osm-
+ spec:
+ accessModes: ['ReadWriteOnce']
+ resources:
+ requests:
+ storage: '{{inputs.parameters.pvc-size}}'
+ outputs:
+ parameters:
+ - name: pvc-name
+ valueFrom:
+ jsonPath: '{.metadata.name}'
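Review bot: `generate-volume` has no comment describing its contract, unlike the templates in ksu-management-wft.yaml, so a caller cannot tell from here what `pvc-size` must look like or how long the claim lives. I would add above the template `# Creates a PVC named pvc-osm-<suffix>, owned by the calling workflow (setOwnerReference), and returns its name as output pvc-name` and next to the parameter `# Kubernetes quantity, e.g. "1Gi" (sample value)`. The manifest sets no `storageClassName`, so presumably the cluster's default class is used; that is worth stating in the comment as well.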
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/ksu-management-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/ksu-management-wft.yaml
new file mode 100644
index 0000000..67a4f87
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/ksu-management-wft.yaml
@@ -0,0 +1,1190 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: ksu-management-wft
+ namespace: osm-workflows
+spec:
+ templates:
+
+# Create a KSU based on an OKA Package which includes a `HelmRelease`
+ - name: create-ksu-oka-hr
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ # Specific parameters - Base KSU generation from template
+ - name: templates_path
+ ## Should substitute environment variables in the template?
+ - name: substitute_environment
+ value: "false"
+ ## Filter for substitution of environment variables
+ - name: substitution_filter
+ value: ""
+ ## Custom environment variables (formatted as .env), to be used for template parametrization
+ - name: custom_env_vars
+ value: ""
+ ## Root folder of the cloned SW Catalogs repo - Do not touch
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+ # Specific parameters - Patch HelmRelease in KSU with inline values
+ - name: kustomization_name
+ - name: helmrelease_name
+ - name: inline_values
+ value: ""
+ # Specific parameters - Secret generation
+ - name: is_preexisting_secret
+ value: "false"
+ - name: target_ns
+ - name: age_public_key
+ - name: values_secret_name
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ - name: secret_key
+ value: "values.yaml"
+ # Specific parameters - Configmap generation
+ - name: is_preexisting_cm
+ value: "false"
+ - name: values_cm_name
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ value: ""
+ # Specific parameters - KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ - name: sync
+ value: "true"
+ ## Root folder of the cloned Fleet repo - Do not touch
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ # Debug?
+ - name: debug
+ value: "false"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: SECRET_VALUES
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.reference_secret_for_values}}"
+ key: "{{inputs.parameters.reference_key_for_values}}"
+ default: ""
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - create_hr_ksu_into_profile
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}/{{inputs.parameters.templates_path}}"
+ - "{{inputs.parameters.substitute_environment}}"
+ - "{{inputs.parameters.substitution_filter}}"
+ - "{{inputs.parameters.custom_env_vars}}"
+ - "{{inputs.parameters.kustomization_name}}"
+ - "{{inputs.parameters.helmrelease_name}}"
+ - "{{inputs.parameters.inline_values}}"
+ - "{{inputs.parameters.is_preexisting_secret}}"
+ - "{{inputs.parameters.target_ns}}"
+ - "{{inputs.parameters.values_secret_name}}"
+ - "{{inputs.parameters.secret_key}}"
+ - "{{inputs.parameters.age_public_key}}"
+ - ''
+ - "{{inputs.parameters.is_preexisting_cm}}"
+ - "{{inputs.parameters.values_cm_name}}"
+ - "{{inputs.parameters.cm_key}}"
+ - "{{inputs.parameters.cm_values}}"
+ - "{{inputs.parameters.ksu_name}}"
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - "{{inputs.parameters.sync}}"
+ volumeMounts:
+ - name: fleet-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: fleet-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+# Update a KSU based on an OKA Package which includes a `HelmRelease`
+ - name: update-ksu-oka-hr
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ # Specific parameters - Base KSU generation from template
+ - name: templates_path
+ ## Should substitute environment variables in the template?
+ - name: substitute_environment
+ value: "false"
+ ## Filter for substitution of environment variables
+ - name: substitution_filter
+ value: ""
+ ## Custom environment variables (formatted as .env), to be used for template parametrization
+ - name: custom_env_vars
+ value: ""
+ ## Root folder of the cloned SW Catalogs repo - Do not touch
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+ # Specific parameters - Patch HelmRelease in KSU with inline values
+ - name: kustomization_name
+ - name: helmrelease_name
+ - name: inline_values
+ value: ""
+ # Specific parameters - Secret generation
+ - name: is_preexisting_secret
+ value: "false"
+ - name: target_ns
+ - name: age_public_key
+ - name: values_secret_name
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ - name: secret_key
+ value: "values.yaml"
+ # Specific parameters - Configmap generation
+ - name: is_preexisting_cm
+ value: "false"
+ - name: values_cm_name
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ value: ""
+ # Specific parameters - KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ ## Root folder of the cloned Fleet repo - Do not touch
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ # Debug?
+ - name: debug
+ value: "false"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: SECRET_VALUES
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.reference_secret_for_values}}"
+ key: "{{inputs.parameters.reference_key_for_values}}"
+ default: ""
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - update_hr_ksu_into_profile
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}/{{inputs.parameters.templates_path}}"
+ - "{{inputs.parameters.substitute_environment}}"
+ - "{{inputs.parameters.substitution_filter}}"
+ - "{{inputs.parameters.custom_env_vars}}"
+ - "{{inputs.parameters.kustomization_name}}"
+ - "{{inputs.parameters.helmrelease_name}}"
+ - "{{inputs.parameters.inline_values}}"
+ - "{{inputs.parameters.is_preexisting_secret}}"
+ - "{{inputs.parameters.target_ns}}"
+ - "{{inputs.parameters.values_secret_name}}"
+ - "{{inputs.parameters.secret_key}}"
+ - "{{inputs.parameters.age_public_key}}"
+ - ''
+ - "{{inputs.parameters.is_preexisting_cm}}"
+ - "{{inputs.parameters.values_cm_name}}"
+ - "{{inputs.parameters.cm_key}}"
+ - "{{inputs.parameters.cm_values}}"
+ - "{{inputs.parameters.ksu_name}}"
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ volumeMounts:
+ - name: fleet-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: fleet-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+# Create a "generated" KSU from `HelmRelease` and Source Repo definitions
+ - name: create-ksu-generated-hr
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ # HelmRelease generation
+ - name: helmrelease_name
+ - name: chart_name
+ - name: chart_version
+ - name: target_ns
+ - name: create_ns
+ # Repo source generation
+ - name: is_preexisting_repo
+ value: "false"
+ - name: helmrepo_name
+ - name: helmrepo_url
+ - name: helmrepo_ns
+ valueFrom:
+ expression: "{{input.parameters.target_ns}}"
+ - name: helmrepo_secret_ref
+ # HelmRelease inline values (if any)
+ - name: inline_values
+ value: ""
+ # Secret reference and generation (if required)
+ - name: is_preexisting_secret
+ value: "false"
+ - name: values_secret_name
+ - name: secret_key
+ value: "values.yaml"
+ - name: age_public_key
+ ## Secret values will be obtained from the
+ ## secret named after the input parameter `reference_secret_for_values`,
+ ## and from the key named after the input parameter `reference_key_for_values`
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ # ConfigMap reference and generation (if required)
+ - name: is_preexisting_cm
+ value: "false"
+ - name: values_cm_name
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ value: ""
+ # KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ # By default, it will not syncronize, so that we can easily accumulate more than
+ # one Helm chart into the same KSU if desired
+ - name: sync
+ value: "false"
+ ## Root folder of the cloned Fleet repo - Do not touch
+ ### `FLEET_REPO_DIR` is the result of:
+ ### "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ # Debug?
+ - name: debug
+ value: "false"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: SECRET_VALUES
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.reference_secret_for_values}}"
+ key: "{{inputs.parameters.reference_key_for_values}}"
+ default: ""
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - create_generated_ksu_from_helm_into_profile
+ - "{{inputs.parameters.helmrelease_name}}"
+ - "{{inputs.parameters.chart_name}}"
+ - "{{inputs.parameters.chart_version}}"
+ - "{{inputs.parameters.target_ns}}"
+ - "{{inputs.parameters.create_ns}}"
+ - "{{inputs.parameters.is_preexisting_repo}}"
+ - "{{inputs.parameters.helmrepo_name}}"
+ - "{{inputs.parameters.helmrepo_url}}"
+ - "{{inputs.parameters.helmrepo_ns}}"
+ - "{{inputs.parameters.helmrepo_secret_ref}}"
+ - "{{inputs.parameters.inline_values}}"
+ - "{{inputs.parameters.is_preexisting_secret}}"
+ - "{{inputs.parameters.values_secret_name}}"
+ - "{{inputs.parameters.secret_key}}"
+ - "{{inputs.parameters.age_public_key}}"
+ - ''
+ - "{{inputs.parameters.is_preexisting_cm}}"
+ - "{{inputs.parameters.values_cm_name}}"
+ - "{{inputs.parameters.cm_key}}"
+ - "{{inputs.parameters.cm_values}}"
+ - "{{inputs.parameters.ksu_name}}"
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - "{{inputs.parameters.sync}}"
+ volumeMounts:
+ - name: fleet-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ volumes:
+ - name: fleet-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+# Update a "generated" KSU from `HelmRelease` and Source Repo definitions
+ - name: update-ksu-generated-hr
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ # HelmRelease generation
+ - name: helmrelease_name
+ - name: chart_name
+ - name: chart_version
+ - name: target_ns
+ - name: create_ns
+ # Repo source generation
+ - name: is_preexisting_repo
+ value: "false"
+ - name: helmrepo_name
+ - name: helmrepo_url
+ - name: helmrepo_ns
+ valueFrom:
+ expression: "{{input.parameters.target_ns}}"
+ - name: helmrepo_secret_ref
+ # HelmRelease inline values (if any)
+ - name: inline_values
+ value: ""
+ # Secret reference and generation (if required)
+ - name: is_preexisting_secret
+ value: "false"
+ - name: values_secret_name
+ - name: secret_key
+ value: "values.yaml"
+ - name: age_public_key
+ ## Secret values will be obtained from the
+ ## secret named after the input parameter `reference_secret_for_values`,
+ ## and from the key named after the input parameter `reference_key_for_values`
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ # ConfigMap reference and generation (if required)
+ - name: is_preexisting_cm
+ value: "false"
+ - name: values_cm_name
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ value: ""
+ # KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ ## Root folder of the cloned Fleet repo - Do not touch
+ ### `FLEET_REPO_DIR` is the result of:
+ ### "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ # Debug?
+ - name: debug
+ value: "false"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: SECRET_VALUES
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.reference_secret_for_values}}"
+ key: "{{inputs.parameters.reference_key_for_values}}"
+ default: ""
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - update_generated_ksu_from_helm_into_profile
+ - "{{inputs.parameters.helmrelease_name}}"
+ - "{{inputs.parameters.chart_name}}"
+ - "{{inputs.parameters.chart_version}}"
+ - "{{inputs.parameters.target_ns}}"
+ - "{{inputs.parameters.create_ns}}"
+ - "{{inputs.parameters.is_preexisting_repo}}"
+ - "{{inputs.parameters.helmrepo_name}}"
+ - "{{inputs.parameters.helmrepo_url}}"
+ - "{{inputs.parameters.helmrepo_ns}}"
+ - "{{inputs.parameters.helmrepo_secret_ref}}"
+ - "{{inputs.parameters.inline_values}}"
+ - "{{inputs.parameters.is_preexisting_secret}}"
+ - "{{inputs.parameters.values_secret_name}}"
+ - "{{inputs.parameters.secret_key}}"
+ - "{{inputs.parameters.age_public_key}}"
+ - ''
+ - "{{inputs.parameters.is_preexisting_cm}}"
+ - "{{inputs.parameters.values_cm_name}}"
+ - "{{inputs.parameters.cm_key}}"
+ - "{{inputs.parameters.cm_values}}"
+ - "{{inputs.parameters.ksu_name}}"
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ volumeMounts:
+ - name: fleet-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ volumes:
+ - name: fleet-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+# Delete a KSU from a profile
+ - name: delete-ksu
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ # Specific parameters - KSU id
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ # Other parameters - Do not touch
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+ # Debug?
+ - name: debug
+ value: "false"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - delete_ksu_from_profile
+ - "{{inputs.parameters.ksu_name}}"
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ volumeMounts:
+ - name: fleet-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: fleet-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+# Clone a KSU from a profile to another
+ - name: clone-ksu
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+ # Specific parameters - Source and destination KSU
+ ## Source KSU:
+ - name: source_ksu_name
+ - name: source_profile_name
+ - name: source_profile_type
+ - name: source_project_name
+ value: "osm_admin"
+ ## Destination KSU:
+ ## - If any of the destination parameters are not specified, it will assume
+ ## they are the same as in source.
+ ## - It will reject if all are empty or equal to source, to avoid cloning a KSU over itself
+ - name: destination_ksu_name
+ value: ""
+ - name: destination_profile_name
+ value: ""
+ - name: destination_profile_type
+ value: ""
+ - name: destination_project_name
+ value: ""
+ # Other parameters - Do not touch
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ # Debug?
+ - name: debug
+ value: "false"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - clone_ksu
+ - "{{inputs.parameters.source_ksu_name}}"
+ - "{{inputs.parameters.source_profile_name}}"
+ - "{{inputs.parameters.source_profile_type}}"
+ - "{{inputs.parameters.source_project_name}}"
+ - "{{inputs.parameters.destination_ksu_name}}"
+ - "{{inputs.parameters.destination_profile_name}}"
+ - "{{inputs.parameters.destination_profile_type}}"
+ - "{{inputs.parameters.destination_project_name}}"
+ - "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ volumeMounts:
+ - name: fleet-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ volumes:
+ - name: fleet-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+ # Read template folder from OKA Package and convert to `ResourceList`
+ # It can work as KRM generator function, since it accepts an optional input `ResourceList`
+ - name: folder2list
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: sw_catalogs_volume_name
+ - name: temp_volume_name
+ # Filename for input stream
+ - name: input_stream_file
+ value: "/dev/null"
+ # Specific parameters
+ ## Relative path from `sw_catalogs_mount_path`
+ - name: templates_path
+ ## Should substitute environment variables in the template?
+ - name: substitute_environment
+ value: "false"
+ ## Filter for substitution of environment variables
+ - name: substitution_filter
+ value: ""
+ ## Custom environment variables (formatted as .env), to be used for template parametrization
+ - name: custom_env_vars
+ value: ""
+ # value: |
+ # KEY1=value1
+ # KEY2=value2
+ # Debug mode?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+ - name: rand_str
+ value: "{{=sprig.randAlphaNum(9)}}"
+ outputs:
+ parameters:
+ - name: output_file
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: INFILE
+ value: "{{inputs.parameters.input_stream_file}}"
+ - name: OUTFILE
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ - name: CUSTOM_ENV
+ value: "{{inputs.parameters.custom_env_vars}}"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - folder2list_generator
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}/{{inputs.parameters.templates_path}}"
+ - "{{inputs.parameters.substitute_environment}}"
+ - "{{inputs.parameters.substitution_filter}}"
+ volumeMounts:
+ - name: temp-volume
+ mountPath: "/results"
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: temp-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.temp_volume_name}}'
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+ # Transform `ResourceList`'s main Kustomization to patch `HelmRelease` to use
+ # inline values
+ - name: transform-ks-add-values-to-hr
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ # Specific parameters - Generator
+ ## Filename for input stream
+ - name: input_stream_file
+ # Specific parameters
+ ## Patched objects
+ - name: kustomization_name
+ - name: helmrelease_name
+ ## Input values for the Helm Chart
+ - name: inline_values
+ # Debug mode?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: rand_str
+ value: "{{=sprig.randAlphaNum(9)}}"
+ outputs:
+ parameters:
+ - name: output_file
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: INFILE
+ value: "{{inputs.parameters.input_stream_file}}"
+ - name: OUTFILE
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - add_values_to_helmrelease_via_ks
+ - "{{inputs.parameters.kustomization_name}}"
+ - "{{inputs.parameters.helmrelease_name}}"
+ - "{{inputs.parameters.inline_values}}"
+ volumeMounts:
+ - name: temp-volume
+ mountPath: "/results"
+ volumes:
+ - name: temp-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.temp_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+ # Transform `ResourceList`'s main Kustomization to patch `HelmRelease` to use
+ # values from a Secret, a ConfigMap or both.
+ - name: transform-ks-add-referenced-values-to-hr
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ # Specific parameters - Generator
+ ## Filename for input stream
+ - name: input_stream_file
+ # Specific parameters
+ - name: kustomization_name
+ - name: helmrelease_name
+ ## Source for values (Secret, ConfigMap or both)
+ - name: values_secret_name
+ value: ""
+ - name: values_cm_name
+ value: ""
+ # Debug mode?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: rand_str
+ value: "{{=sprig.randAlphaNum(9)}}"
+ outputs:
+ parameters:
+ - name: output_file
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: INFILE
+ value: "{{inputs.parameters.input_stream_file}}"
+ - name: OUTFILE
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - add_ref_values_to_hr_via_ks
+ - "{{inputs.parameters.kustomization_name}}"
+ - "{{inputs.parameters.helmrelease_name}}"
+ - "{{inputs.parameters.values_secret_name}}"
+ - "{{inputs.parameters.values_cm_name}}"
+ volumeMounts:
+ - name: temp-volume
+ mountPath: "/results"
+ volumes:
+ - name: temp-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.temp_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+ # KRM function to render a ResourceList with a KSU into a target profile
+ - name: render-ksu-into-profile
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ - name: temp_volume_name
+ # Filename for input stream
+ - name: input_stream_file
+ # Specific parameters
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ ## Whether the target KSU folder will be fully re-created on render
+ - name: sync
+ value: "false"
+ # Debug mode?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: fleet_repo_dir
+ value: "/fleet/fleet-osm/"
+ - name: rand_str
+ value: "{{=sprig.randAlphaNum(9)}}"
+ outputs:
+ parameters:
+ - name: output_file
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: INFILE
+ value: "{{inputs.parameters.input_stream_file}}"
+ - name: OUTFILE
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - render_ksu_into_profile
+ - "{{inputs.parameters.ksu_name}}"
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.fleet_repo_dir}}"
+ - "{{inputs.parameters.sync}}"
+ volumeMounts:
+ - name: temp-volume
+ mountPath: "/results"
+ - name: fleet-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ volumes:
+ - name: temp-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.temp_volume_name}}'
+ - name: fleet-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+ # KRM generator to create Secrets suitable to pass values to `HelmReleases`
+ - name: generator-secret-hr-values
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ # Specific parameters - Generator
+ ## Filename for input stream
+ - name: input_stream_file
+ value: "/dev/null"
+ ## Name of final manifest filename into generated `ResourceList` object
+ - name: final_manifest_filename
+ # Specific parameters - Secret
+ - name: age_public_key
+ - name: values_secret_name
+ - name: target_ns
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ - name: secret_key
+ value: "values.yaml"
+ # Debug mode?
+ - name: debug
+ value: "false"
+ outputs:
+ parameters:
+ - name: output_file
+ valueFrom:
+ parameter: '{{steps.generate-resourcelist.outputs.parameters.output_file}}'
+ steps:
+ - - name: build-manifest
+ templateRef:
+ name: ksu-management-wft
+ template: manifest-secret-hr-values
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ value: "{{inputs.parameters.temp_volume_name}}"
+ # Specific parameters
+ - name: age_public_key
+ value: "{{inputs.parameters.age_public_key}}"
+ - name: values_secret_name
+ value: "{{inputs.parameters.values_secret_name}}"
+ - name: target_ns
+ value: "{{inputs.parameters.target_ns}}"
+ - name: reference_secret_for_values
+ value: "{{inputs.parameters.reference_secret_for_values}}"
+ - name: reference_key_for_values
+ value: "{{inputs.parameters.reference_key_for_values}}"
+ - name: secret_key
+ value: "{{inputs.parameters.secret_key}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ - - name: generate-resourcelist
+ templateRef:
+ name: ksu-management-wft
+ template: make-generator
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ value: "{{inputs.parameters.temp_volume_name}}"
+ # Filename for input stream
+ - name: input_stream_file
+ value: "{{inputs.parameters.input_stream_file}}"
+ # File with raw manifest
+ - name: input_manifest_file
+ value: '{{steps.build-manifest.outputs.parameters.output_file}}'
+ # Name of final manifest filename into generated `ResourceList` object
+ - name: final_manifest_filename
+ value: "{{inputs.parameters.final_manifest_filename}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+
+
+ # KRM generator to create ConfigMaps suitable to pass values to `HelmReleases`
+ - name: generator-cm-hr-values
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ # Specific parameters - Generator
+ ## Filename for input stream
+ - name: input_stream_file
+ value: "/dev/null"
+ ## Name of final manifest filename into generated `ResourceList` object
+ - name: final_manifest_filename
+ # Specific parameters - ConfigMap
+ - name: values_cm_name
+ - name: target_ns
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ # Debug mode?
+ - name: debug
+ value: "false"
+ outputs:
+ parameters:
+ - name: output_file
+ valueFrom:
+ parameter: '{{steps.generate-resourcelist.outputs.parameters.output_file}}'
+ steps:
+ - - name: build-manifest
+ templateRef:
+ name: ksu-management-wft
+ template: manifest-cm-hr-values
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ value: "{{inputs.parameters.temp_volume_name}}"
+ # Specific parameters
+ - name: values_cm_name
+ value: "{{inputs.parameters.values_cm_name}}"
+ - name: target_ns
+ value: "{{inputs.parameters.target_ns}}"
+ - name: cm_key
+ value: "{{inputs.parameters.cm_key}}"
+ - name: cm_values
+ value: "{{inputs.parameters.cm_values}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ - - name: generate-resourcelist
+ templateRef:
+ name: ksu-management-wft
+ template: make-generator
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ value: "{{inputs.parameters.temp_volume_name}}"
+ # Filename for input stream
+ - name: input_stream_file
+ value: "{{inputs.parameters.input_stream_file}}"
+ # File with raw manifest
+ - name: input_manifest_file
+ value: '{{steps.build-manifest.outputs.parameters.output_file}}'
+ # Name of final manifest filename into generated `ResourceList` object
+ - name: final_manifest_filename
+ value: "{{inputs.parameters.final_manifest_filename}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+
+
+ # Converts a manifest to a KRM generator
+ - name: make-generator
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ # Filename for input stream
+ - name: input_stream_file
+ value: "/dev/null"
+ # File with raw manifest
+ - name: input_manifest_file
+ # Name of final manifest filename into generated `ResourceList` object
+ - name: final_manifest_filename
+ # Debug mode?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: rand_str
+ value: "{{=sprig.randAlphaNum(9)}}"
+ outputs:
+ parameters:
+ - name: output_file
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: INFILE
+ value: "{{inputs.parameters.input_stream_file}}"
+ - name: OUTFILE
+ value: "/results/resourcelist.{{inputs.parameters.rand_str}}.yaml"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - make_generator
+ - "{{inputs.parameters.final_manifest_filename}}"
+ - cat
+ - "{{inputs.parameters.input_manifest_file}}"
+ volumeMounts:
+ - name: temp-volume
+ mountPath: "/results"
+ volumes:
+ - name: temp-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.temp_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+ # Produces a secret manifest and encrypts it with SOPS
+ - name: manifest-secret-hr-values
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ # Public age key to encrypt secret
+ - name: age_public_key
+ # Name of the secret to be created
+ - name: values_secret_name
+ # Namespace for the secret
+ - name: target_ns
+ # Input secret that contains the values to embed into the new secret
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ value: "values.yaml"
+ # Key in the new secret where the values will be inserted
+ - name: secret_key
+ value: "values.yaml"
+ # Debug mode?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: rand_str
+ value: "{{=sprig.randAlphaNum(9)}}"
+ outputs:
+ parameters:
+ - name: output_file
+ value: "/results/manifest.{{inputs.parameters.rand_str}}.yaml"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: INSTREAM
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.reference_secret_for_values}}"
+ key: "{{inputs.parameters.reference_key_for_values}}"
+ - name: OUTFILE
+ value: "/results/manifest.{{inputs.parameters.rand_str}}.yaml"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - kubectl_encrypt
+ - "{{inputs.parameters.age_public_key}}"
+ - create
+ - secret
+ - generic
+ - "{{inputs.parameters.values_secret_name}}"
+ - --namespace={{inputs.parameters.target_ns}}
+ - --from-file={{inputs.parameters.secret_key}}=/dev/stdin
+ - -o=yaml
+ - --dry-run=client
+ volumeMounts:
+ - name: temp-volume
+ mountPath: "/results"
+ volumes:
+ - name: temp-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.temp_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+ # Produces a ConfigMap manifest
+ - name: manifest-cm-hr-values
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: temp_volume_name
+ # Specific parameters
+ - name: values_cm_name
+ - name: target_ns
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ # Debug mode?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: rand_str
+ value: "{{=sprig.randAlphaNum(9)}}"
+ outputs:
+ parameters:
+ - name: output_file
+ value: "/results/manifest.{{inputs.parameters.rand_str}}.yaml"
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: INSTREAM
+ value: "{{inputs.parameters.cm_values}}"
+ - name: OUTFILE
+ value: "/results/manifest.{{inputs.parameters.rand_str}}.yaml"
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - kubectl
+ - create
+ - configmap
+ - "{{inputs.parameters.values_cm_name}}"
+ - --namespace={{inputs.parameters.target_ns}}
+ - --from-file={{inputs.parameters.cm_key}}=/dev/stdin
+ - -o=yaml
+ - --dry-run=client
+ volumeMounts:
+ - name: temp-volume
+ mountPath: "/results"
+ volumes:
+ - name: temp-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.temp_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/oka-management-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/oka-management-wft.yaml
new file mode 100644
index 0000000..4a0e841
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/oka-management-wft.yaml
@@ -0,0 +1,192 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: oka-management-wft
+ namespace: osm-workflows
+spec:
+ templates:
+
+# Create an OKA based on an OKA Package pre-loaded into a pvc
+ - name: create-oka
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: sw_catalogs_volume_name
+ - name: temp_volume_name
+ # Specific parameters - OKA
+ - name: oka_name
+ ## Choose among `infra-controllers`, `infra-configs`, `cloud-resources`, `apps`:
+ - name: oka_type
+ - name: project_name
+ value: "osm_admin"
+ - name: tarball_file
+ value: "true"
+ # Debug?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+ - name: temp_volume_mount_path
+ value: "/oka"
+ - name: oka_location
+ value: "/oka"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - create_oka
+ - "{{inputs.parameters.oka_name}}"
+ - "{{inputs.parameters.oka_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ - "{{inputs.parameters.oka_location}}"
+ - "{{inputs.parameters.tarball_file}}"
+ volumeMounts:
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ - name: temp-volume
+ mountPath: '{{inputs.parameters.temp_volume_mount_path}}'
+ volumes:
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ - name: temp-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.temp_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+# Update an OKA based on an OKA Package pre-loaded into a pvc
+ - name: update-oka
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: sw_catalogs_volume_name
+ - name: temp_volume_name
+ # Specific parameters - OKA
+ - name: oka_name
+ ## Choose among `infra-controllers`, `infra-configs`, `cloud-resources`, `apps`:
+ - name: oka_type
+ - name: project_name
+ value: "osm_admin"
+ - name: tarball_file
+ value: "true"
+ # Debug?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+ - name: temp_volume_mount_path
+ value: "/oka"
+ - name: oka_location
+ value: "/oka"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - update_oka
+ - "{{inputs.parameters.oka_name}}"
+ - "{{inputs.parameters.oka_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ - "{{inputs.parameters.oka_location}}"
+ - "{{inputs.parameters.tarball_file}}"
+ volumeMounts:
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ - name: temp-volume
+ mountPath: '{{inputs.parameters.temp_volume_mount_path}}'
+ volumes:
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ - name: temp-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.temp_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
+
+
+# Delete an OKA
+ - name: delete-oka
+ inputs:
+ parameters:
+ # References to required external resources
+ - name: sw_catalogs_volume_name
+ # Specific parameters - OKA
+ - name: oka_name
+ ## Choose among `infra-controllers`, `infra-configs`, `cloud-resources`, `apps`:
+ - name: oka_type
+ - name: project_name
+ value: "osm_admin"
+ # Debug?
+ - name: debug
+ value: "false"
+ # Other parameters - Do not touch
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ env:
+ - name: DEBUG
+ value: "{{inputs.parameters.debug}}"
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - delete_oka
+ - "{{inputs.parameters.oka_name}}"
+ - "{{inputs.parameters.oka_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.sw_catalogs_mount_path}}/{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ volumeMounts:
+ - name: sw-catalogs-repo-volume
+ mountPath: '{{inputs.parameters.sw_catalogs_mount_path}}'
+ volumes:
+ - name: sw-catalogs-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.sw_catalogs_volume_name}}'
+ securityContext:
+ fsGroup: 10000
+ # runAsUser: 10000
+ # runAsGroup: 10000
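Review bot: The `image: ttl.sh/osm-krm-functions:24h` reference in create-oka, update-oka and delete-oka pulls from an anonymous, ephemeral registry under a fixed, guessable name. Anyone can push to that tag and it expires after its time-to-live, so the steps that write to the sw-catalogs clone would run whatever image currently sits under that name, or fail to pull once it has expired. Point the three templates at a registry the project controls and pin by digest, e.g. `image: <project-registry>/osm-krm-functions@sha256:<digest>` (placeholder values). The same reference is used by every template in the profile-management-wft.yaml hunk that follows and by the ksu-management-wft.yaml templates above, so a single pinned value shared by all of them would keep them consistent.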
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/profile-management-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/profile-management-wft.yaml
new file mode 100644
index 0000000..64917be
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/profile-management-wft.yaml
@@ -0,0 +1,195 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: profile-management-wft
+ namespace: osm-workflows
+spec:
+ templates:
+
+ # Create a profile
+ - name: create-profile
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ - name: fleet_repo_url
+
+ # Other parameters - Recommended to keep defaults
+ - name: fleet_repo_dir
+ value: "/fleet/fleet-osm/"
+
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ # securityContext:
+ # runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - create_profile
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.fleet_repo_url}}"
+ - "{{inputs.parameters.fleet_repo_dir}}"
+
+
+ # Delete a profile
+ - name: delete-profile
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+
+ # Other parameters - Recommended to keep defaults
+ - name: fleet_repo_dir
+ value: "/fleet/fleet-osm/"
+
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ # securityContext:
+ # runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - delete_profile
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.fleet_repo_dir}}"
+
+
+ # Attach a profile to a cluster
+ - name: attach-profile-to-cluster
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ - name: cluster_kustomization_name
+
+ # Other parameters - Recommended to keep defaults
+ - name: fleet_repo_dir
+ value: "/fleet/fleet-osm/"
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ # securityContext:
+ # runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - attach_profile_to_cluster
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.cluster_kustomization_name}}"
+ - "{{inputs.parameters.fleet_repo_dir}}"
+
+
+ # Detach profile from cluster
+ - name: detach-profile-from-cluster
+ inputs:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ - name: fleet_mount_path
+ value: "/fleet"
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ - name: cluster_kustomization_name
+
+ # Other parameters - Recommended to keep defaults
+ - name: fleet_repo_dir
+ value: "/fleet/fleet-osm/"
+ volumes:
+ - name: fleet-repo-volume
+ persistentVolumeClaim:
+ claimName: '{{inputs.parameters.fleet_volume_name}}'
+ container:
+ image: ttl.sh/osm-krm-functions:24h
+ # imagePullPolicy: Always
+ # securityContext:
+ # runAsUser: 10000
+ # runAsGroup: 10000
+ # fsGroup: 10000
+ volumeMounts:
+ - name: fleet-repo-volume
+ mountPath: '{{inputs.parameters.fleet_mount_path}}'
+ command: ["/app/scripts/entrypoint.sh"]
+ args:
+ - detach_profile_from_cluster
+ - "{{inputs.parameters.profile_name}}"
+ - "{{inputs.parameters.profile_type}}"
+ - "{{inputs.parameters.project_name}}"
+ - "{{inputs.parameters.cluster_kustomization_name}}"
+ - "{{inputs.parameters.fleet_repo_dir}}"
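Review bot: All four templates in this file leave the whole `securityContext` block commented out, so unlike the oka-management templates (which set `fsGroup: 10000`) these pods run as the image's default user with no fsGroup applied to the fleet volume. If that default is root (the image is not visible here), files written into the fleet repo clone would be root-owned, and steps from the other templates running with group 10000 may not be able to modify them. The commented block also appears to sit under `container:` while listing `fsGroup`, which is a pod-level field, so uncommenting it as written would probably not validate. I would add a template-level `securityContext:` with `fsGroup: 10000` next to `volumes:` in each template, matching the other files, and add `runAsNonRoot: true` once the image is confirmed to run as a non-root user.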
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-attach-profile.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-attach-profile.yaml
new file mode 100644
index 0000000..5a4bd20
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-attach-profile.yaml
@@ -0,0 +1,150 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-attach-profile-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ - name: cluster_kustomization_name
+
+ # Debugging
+ - name: dry_run
+ value: false
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: attach-profile
+
+ templates:
+
+ # Main template
+ - name: attach-profile
+ inputs:
+ parameters:
+ # Git repos
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ - name: cluster_kustomization_name
+
+ # Debugging
+ - name: dry_run
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Attach profile to cluster
+ - - name: attach-profile
+ templateRef:
+ name: profile-management-wft
+ template: attach-profile-to-cluster
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ # Specific parameters
+ - name: profile_name
+ value: "{{inputs.parameters.profile_name}}"
+ - name: profile_type
+ value: "{{inputs.parameters.profile_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ - name: fleet_repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Attach {{inputs.parameters.profile_name}} profile to {{inputs.parameters.cluster_kustomization_name}} cluster"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
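Review bot: The `attach-profile` step passes a `fleet_repo_url` argument to `attach-profile-to-cluster`, but that template does not appear to consume a repository URL. Its entrypoint arguments earlier in this patch (`attach_profile_to_cluster`, then profile name, type, project, kustomization name and `fleet_repo_dir`) contain none, and the sibling `detach-profile-from-cluster` template declares no such input. The input list of `attach-profile-to-cluster` is outside this hunk, so this is inferred; if it has no `fleet_repo_url` input, drop the `- name: fleet_repo_url` entry and its `value: "{{inputs.parameters.git_fleet_url}}"` line. Separately, the `dry_run` default in `spec.arguments` is the bare boolean `false`, while the bootstrap and clone-KSU templates in this commit use `value: "false"`. Quoting it keeps the parameter a string wherever it is compared downstream; the same applies in `full-create-aks-cluster-and-bootstrap-wft.yaml`.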
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-bootstrap-cluster-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-bootstrap-cluster-wft.yaml
new file mode 100644
index 0000000..54e012f
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-bootstrap-cluster-wft.yaml
@@ -0,0 +1,207 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-bootstrap-cluster-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters - Bootstrap
+ - name: cluster_name
+ - name: cluster_kustomization_name
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ value: "agekey"
+
+ # Recommended to keep this default
+ - name: imported_cluster
+ value: "true"
+
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: bootstrap-cluster
+
+ templates:
+
+ # Main template
+ - name: bootstrap-cluster
+ inputs:
+ parameters:
+ # Git repos
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters - Bootstrap
+ - name: cluster_name
+ - name: cluster_kustomization_name
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ - name: imported_cluster
+
+ # Debugging
+ - name: debug
+ - name: dry_run
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Bootstrap the remote cluster
+ - - name: bootstrap-cluster
+ templateRef:
+ name: cluster-management-wft
+ template: bootstrap-remote-cluster
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+
+ # Specific parameters
+ - name: cluster_name
+ value: "{{inputs.parameters.cluster_name}}"
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+ - name: public_key_mgmt
+ value: "{{inputs.parameters.public_key_mgmt}}"
+ - name: public_key_new_cluster
+ value: "{{inputs.parameters.public_key_new_cluster}}"
+ - name: secret_name_private_age_key_for_new_cluster
+ value: "{{inputs.parameters.secret_name_private_age_key_for_new_cluster}}"
+ - name: key_name_in_secret
+ value: "{{inputs.parameters.key_name_in_secret}}"
+ - name: fleet_repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: sw_catalogs_repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: imported_cluster
+ value: "{{inputs.parameters.imported_cluster}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Bootstrap imported cluster {{inputs.parameters.cluster_kustomization_name}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
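Review bot: `debug` is declared in `spec.arguments` (default `"false"`) and again in the `bootstrap-cluster` inputs, but no step in this template forwards it, so setting it has no effect. Either pass it to the `bootstrap-cluster` step, as `full-clone-ksu.yaml` does with `- name: debug` / `value: "{{inputs.parameters.debug}}"`, or remove it from both parameter lists. Whether `bootstrap-remote-cluster` accepts a `debug` input is not visible from this hunk, so confirm that before wiring it through.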
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-clone-ksu.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-clone-ksu.yaml
new file mode 100644
index 0000000..ac32376
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-clone-ksu.yaml
@@ -0,0 +1,180 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-clone-ksu-wtf
+ namespace: osm-workflows
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # Specific parameters - Source and destination KSU
+ ## Source KSU:
+ - name: source_ksu_name
+ - name: source_profile_name
+ - name: source_profile_type
+ - name: source_project_name
+ value: "osm_admin"
+ ## Destination KSU:
+ ## - If any of the destination parameters are not specified, it will assume
+ ## they are the same as in source.
+ ## - It will reject if all are empty or equal to source, to avoid cloning a KSU over itself
+ - name: destination_ksu_name
+ value: ""
+ - name: destination_profile_name
+ value: ""
+ - name: destination_profile_type
+ value: ""
+ - name: destination_project_name
+ value: ""
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: clone-ksu
+
+ templates:
+ # Main template
+ - name: clone-ksu
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # Specific parameters - Source and destination KSU
+ ## Source KSU:
+ - name: source_ksu_name
+ - name: source_profile_name
+ - name: source_profile_type
+ - name: source_project_name
+ ## Destination KSU:
+ - name: destination_ksu_name
+ - name: destination_profile_name
+ - name: destination_profile_type
+ - name: destination_project_name
+ # Debug/dry run?
+ - name: debug
+ - name: dry_run
+
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: clone-ksu
+ templateRef:
+ name: ksu-management-wft
+ template: clone-ksu
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # Specific parameters - Source and destination KSU
+ ## Source KSU:
+ - name: source_ksu_name
+ value: "{{inputs.parameters.source_ksu_name}}"
+ - name: source_profile_name
+ value: "{{inputs.parameters.source_profile_name}}"
+ - name: source_profile_type
+ value: "{{inputs.parameters.source_profile_type}}"
+ - name: source_project_name
+ value: "{{inputs.parameters.source_project_name}}"
+ ## Destination KSU:
+ - name: destination_ksu_name
+ value: "{{inputs.parameters.destination_ksu_name}}"
+ - name: destination_profile_name
+ value: "{{inputs.parameters.destination_profile_name}}"
+ - name: destination_profile_type
+ value: "{{inputs.parameters.destination_profile_type}}"
+ - name: destination_project_name
+ value: "{{inputs.parameters.destination_project_name}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Clone KSU {{inputs.parameters.source_ksu_name}} at {{inputs.parameters.source_profile_name}} profile of {{inputs.parameters.source_profile_type}} type @ {{inputs.parameters.source_project_name}} project as {{inputs.parameters.destination_ksu_name}} KSU at {{inputs.parameters.destination_profile_name}} profile of {{inputs.parameters.destination_profile_type}} type @ {{inputs.parameters.destination_project_name}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
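Review bot: The first step group creates a second PVC through `generate-sw-catalogs-volume-repo`, but nothing in this template clones the SW catalogs or references `steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name`. Every run therefore allocates a volume that is never used; that step can be removed. `metadata.name` is `full-clone-ksu-wtf`, while the other templates in this commit end in `-wft`. Since submitters and any `templateRef` address the template by this name, rename it to `full-clone-ksu-wft` before anything depends on the misspelling. Also, when the destination parameters keep their empty defaults, `commit_message` is rendered with blank destination fields even though the comment says they fall back to the source values.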
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-aks-cluster-and-bootstrap-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-aks-cluster-and-bootstrap-wft.yaml
new file mode 100644
index 0000000..76ac3eb
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-aks-cluster-and-bootstrap-wft.yaml
@@ -0,0 +1,251 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-create-aks-cluster-and-bootstrap-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters - AKS cluster
+ - name: cluster_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: rg_name
+ - name: k8s_version
+ - name: providerconfig_name
+ - name: cluster_kustomization_name
+
+ # Specific parameters - Bootstrap
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ value: "agekey"
+ - name: fleet_repo_url
+ - name: sw_catalogs_repo_url
+
+ # Debugging
+ - name: dry_run
+ value: false
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: create-aks-cluster-and-bootstrap
+
+ templates:
+
+ # Main template
+ - name: create-aks-cluster-and-bootstrap
+ inputs:
+ parameters:
+ # Git repos
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters - AKS cluster
+ - name: cluster_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: rg_name
+ - name: k8s_version
+ - name: providerconfig_name
+ - name: cluster_kustomization_name
+
+ # Specific parameters - Bootstrap
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ - name: fleet_repo_url
+ - name: sw_catalogs_repo_url
+
+ # Debugging
+ - name: dry_run
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Create cluster in target cloud
+ - - name: create-cluster-aks
+ templateRef:
+ name: cluster-management-wft
+ template: create-cluster-aks
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ # Specific parameters
+ - name: cluster_name
+ value: "{{inputs.parameters.cluster_name}}"
+ - name: vm_size
+ value: "{{inputs.parameters.vm_size}}"
+ - name: node_count
+ value: "{{inputs.parameters.node_count}}"
+ - name: cluster_location
+ value: "{{inputs.parameters.cluster_location}}"
+ - name: rg_name
+ value: "{{inputs.parameters.rg_name}}"
+ - name: k8s_version
+ value: "{{inputs.parameters.k8s_version}}"
+ - name: providerconfig_name
+ value: "{{inputs.parameters.providerconfig_name}}"
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+
+ # Bootstrap the new remote cluster
+ - - name: bootstrap-new-cluster
+ templateRef:
+ name: cluster-management-wft
+ template: bootstrap-remote-cluster
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+
+ # Specific parameters
+ - name: cluster_name
+ value: "{{inputs.parameters.cluster_name}}"
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+ - name: public_key_mgmt
+ value: "{{inputs.parameters.public_key_mgmt}}"
+ - name: public_key_new_cluster
+ value: "{{inputs.parameters.public_key_new_cluster}}"
+ - name: secret_name_private_age_key_for_new_cluster
+ value: "{{inputs.parameters.secret_name_private_age_key_for_new_cluster}}"
+ - name: key_name_in_secret
+ value: "{{inputs.parameters.key_name_in_secret}}"
+ - name: fleet_repo_url
+ value: "{{inputs.parameters.fleet_repo_url}}"
+ - name: sw_catalogs_repo_url
+ value: "{{inputs.parameters.sw_catalogs_repo_url}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Create AKS cluster {{inputs.parameters.cluster_kustomization_name}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
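Review bot: This template takes the fleet and SW-catalogs repository locations twice. `git_fleet_url` and `git_sw_catalogs_url` drive the clone and push steps, while the `bootstrap-new-cluster` step is fed from the separate required parameters `fleet_repo_url` and `sw_catalogs_repo_url`. Nothing ties the pairs together, so a submission can commit the cluster definition to one repository and bootstrap the new cluster to reconcile from a different one. `full-bootstrap-cluster-wft.yaml` and the crossplane template in this commit avoid this by passing `value: "{{inputs.parameters.git_fleet_url}}"` and `value: "{{inputs.parameters.git_sw_catalogs_url}}"` to the bootstrap step. Doing the same here and dropping the two extra parameters leaves a single source of truth for which repository the new cluster trusts.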
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
new file mode 100644
index 0000000..d5b2ed2
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
@@ -0,0 +1,286 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-create-crossplane-cluster-and-bootstrap-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters - Generic cluster creation
+ - name: cluster_kustomization_name
+ - name: cluster_name
+ - name: cluster_type
+ - name: providerconfig_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: k8s_version
+
+ # Specific parameters - Bootstrap and credentials
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ value: "agekey"
+ # Using `git_fleet_url` instead:
+ # - name: fleet_repo_url
+ # Using `git_sw_catalogs_url` instead:
+ # - name: sw_catalogs_repo_url
+ - name: mgmt_project_name
+ value: "osm_admin"
+
+ # Specific parameters - AKS only
+ - name: rg_name
+ values: ""
+
+ # Specific parameters - GKE only
+ - name: preemptible_nodes
+ values: "false"
+
+ # Advanced parameters - Recommended to keep defaults
+ - name: skip_bootstrap
+ value: "false"
+ - name: mgmt_cluster_name
+ value: "_management"
+ - name: base_templates_path
+ value: "cloud-resources"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: create-cluster-and-bootstrap
+
+ templates:
+ # Main template
+ - name: create-cluster-and-bootstrap
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: cluster_name
+ - name: cluster_type
+ - name: providerconfig_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: k8s_version
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ # - name: fleet_repo_url
+ # - name: sw_catalogs_repo_url
+ - name: mgmt_project_name
+ - name: skip_bootstrap
+ ## AKS only (otherwise, ignored)
+ - name: rg_name
+ ## GKE only (otherwise, ignored)
+ - name: preemptible_nodes
+ # Other parameters - Recommended to keep defaults
+ - name: mgmt_cluster_name
+ - name: base_templates_path
+ - name: cloned_fleet_folder_name
+ - name: cloned_sw_catalogs_folder_name
+ # Debug/dry run?
+ - name: debug
+ - name: dry_run
+
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Create cluster in target cloud
+ - - name: create-cluster
+ templateRef:
+ name: cluster-management-wft
+ template: create-crossplane-cluster
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ # Specific parameters
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+ - name: cluster_name
+ value: "{{inputs.parameters.cluster_name}}"
+ - name: cluster_type
+ value: "{{inputs.parameters.cluster_type}}"
+ - name: providerconfig_name
+ value: "{{inputs.parameters.providerconfig_name}}"
+ - name: vm_size
+ value: "{{inputs.parameters.vm_size}}"
+ - name: node_count
+ value: "{{inputs.parameters.node_count}}"
+ - name: cluster_location
+ value: "{{inputs.parameters.cluster_location}}"
+ - name: k8s_version
+ value: "{{inputs.parameters.k8s_version}}"
+ - name: public_key_mgmt
+ value: "{{inputs.parameters.public_key_mgmt}}"
+ - name: public_key_new_cluster
+ value: "{{inputs.parameters.public_key_new_cluster}}"
+ - name: secret_name_private_age_key_for_new_cluster
+ value: "{{inputs.parameters.secret_name_private_age_key_for_new_cluster}}"
+ - name: key_name_in_secret
+ value: "{{inputs.parameters.key_name_in_secret}}"
+ ## Fed with `git_fleet_url` to avoid duplicates
+ - name: fleet_repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ ## Fed with `git_sw_catalogs_url` to avoid duplicates
+ - name: sw_catalogs_repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: mgmt_project_name
+ value: "{{inputs.parameters.mgmt_project_name}}"
+ - name: skip_bootstrap
+ value: "{{inputs.parameters.skip_bootstrap}}"
+ ## AKS only
+ - name: rg_name
+ value: "{{inputs.parameters.rg_name}}"
+ ## GKE only
+ - name: preemptible_nodes
+ value: "{{inputs.parameters.preemptible_nodes}}"
+ # Other parameters - Recommended to keep defaults
+ - name: mgmt_cluster_name
+ value: "{{inputs.parameters.mgmt_cluster_name}}"
+ - name: base_templates_path
+ value: "{{inputs.parameters.base_templates_path}}"
+ - name: cloned_fleet_folder_name
+ value: "{{inputs.parameters.cloned_fleet_folder_name}}"
+ - name: cloned_sw_catalogs_folder_name
+ value: "{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Create {{inputs.parameters.cluster_type}} cluster {{inputs.parameters.cluster_kustomization_name}} at {{inputs.parameters.cluster_location}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
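Review bot: The defaults for `rg_name` and `preemptible_nodes` in `spec.arguments` are written with the key `values:` instead of `value:`. Argo parameters have no `values` field, so depending on how strictly the manifest is validated it is either rejected or the two parameters end up with no default. In the second case they become mandatory for every cluster type, contrary to the "AKS only" / "GKE only" comments. Change the two lines to `value: ""` and `value: "false"`.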
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-ksu-generated-hr.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-ksu-generated-hr.yaml
new file mode 100644
index 0000000..7b74541
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-ksu-generated-hr.yaml
@@ -0,0 +1,285 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-create-ksu-generated-hr-wtf
+ namespace: osm-workflows
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # HelmRelease generation
+ - name: helmrelease_name
+ - name: chart_name
+ - name: chart_version
+ - name: target_ns
+ - name: create_ns
+ # Repo source generation
+ - name: is_preexisting_repo
+ value: "false"
+ - name: helmrepo_name
+ - name: helmrepo_url
+ - name: helmrepo_ns
+ valueFrom:
+ expression: "{{inputs.parameters.target_ns}}"
+ - name: helmrepo_secret_ref
+ # HelmRelease inline values (if any)
+ - name: inline_values
+ value: ""
+ # Secret reference and generation (if required)
+ - name: is_preexisting_secret
+ value: "false"
+ - name: values_secret_name
+ - name: secret_key
+ value: "values.yaml"
+ - name: age_public_key
+ ################################################################
+ ## A temporary secret should exist already in the `osm-workflows`
+ ## namespace containing the desired secret key-values
+ ## in a well-known key (in the example, `creds`).
+ ##
+ ## For instance:
+ ##
+ ## creds: |
+ ## jenkinsUser: admin
+ ## jenkinsPassword: myJ3nk1n2P2ssw0rd
+ ##
+ ## Secret values will be obtained from the
+ ## secret named after the input parameter `reference_secret_for_values`,
+ ## and from the key named after the input parameter `reference_key_for_values`
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ # ConfigMap reference and generation (if required)
+ - name: is_preexisting_cm
+ - name: values_cm_name
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ value: ""
+ # KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ # By default, it will not syncronize, so that we can easily accumulate more than
+ # one Helm chart into the same KSU if desired
+ - name: sync
+ value: "false"
+ ## Root folder of the cloned Fleet repo - Do not touch
+ ### `FLEET_REPO_DIR` is the result of:
+ ### "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: create-ksu-hr
+
+ templates:
+ # Main template
+ - name: create-ksu-hr
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # HelmRelease generation
+ - name: helmrelease_name
+ - name: chart_name
+ - name: chart_version
+ - name: target_ns
+ - name: create_ns
+ # Repo source generation
+ - name: is_preexisting_repo
+ - name: helmrepo_name
+ - name: helmrepo_url
+ - name: helmrepo_ns
+ - name: helmrepo_secret_ref
+ # HelmRelease inline values (if any)
+ - name: inline_values
+ # Secret reference and generation (if required)
+ - name: is_preexisting_secret
+ - name: values_secret_name
+ - name: secret_key
+ - name: age_public_key
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ # ConfigMap reference and generation (if required)
+ - name: is_preexisting_cm
+ - name: values_cm_name
+ - name: cm_key
+ - name: cm_values
+ # KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ - name: sync
+ - name: cloned_fleet_folder_name
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: create-ksu-generated-hr
+ templateRef:
+ name: ksu-management-wft
+ template: create-ksu-generated-hr
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ # HelmRelease generation
+ - name: helmrelease_name
+ value: "{{inputs.parameters.helmrelease_name}}"
+ - name: chart_name
+ value: "{{inputs.parameters.chart_name}}"
+ - name: chart_version
+ value: "{{inputs.parameters.chart_version}}"
+ - name: target_ns
+ value: "{{inputs.parameters.target_ns}}"
+ - name: create_ns
+ value: "{{inputs.parameters.create_ns}}"
+ # Repo source generation
+ - name: is_preexisting_repo
+ value: "{{inputs.parameters.is_preexisting_repo}}"
+ - name: helmrepo_name
+ value: "{{inputs.parameters.helmrepo_name}}"
+ - name: helmrepo_url
+ value: "{{inputs.parameters.helmrepo_url}}"
+ - name: helmrepo_ns
+ value: "{{inputs.parameters.helmrepo_ns}}"
+ - name: helmrepo_secret_ref
+ value: "{{inputs.parameters.helmrepo_secret_ref}}"
+ # HelmRelease inline values (if any)
+ - name: inline_values
+ value: "{{inputs.parameters.inline_values}}"
+ # Secret reference and generation (if required)
+ - name: is_preexisting_secret
+ value: "{{inputs.parameters.is_preexisting_secret}}"
+ - name: values_secret_name
+ value: "{{inputs.parameters.values_secret_name}}"
+ - name: secret_key
+ value: "{{inputs.parameters.secret_key}}"
+ - name: age_public_key
+ value: "{{inputs.parameters.age_public_key}}"
+ ## Secret values will be obtained from this key in this secret
+ - name: reference_secret_for_values
+ value: "{{inputs.parameters.reference_secret_for_values}}"
+ - name: reference_key_for_values
+ value: "{{inputs.parameters.reference_key_for_values}}"
+ # ConfigMap reference and generation (if required)
+ - name: is_preexisting_cm
+ value: "{{inputs.parameters.is_preexisting_cm}}"
+ - name: values_cm_name
+ value: "{{inputs.parameters.values_cm_name}}"
+ - name: cm_key
+ value: "{{inputs.parameters.cm_key}}"
+ - name: cm_values
+ value: "{{inputs.parameters.cm_values}}"
+ # KSU rendering
+ - name: ksu_name
+ value: "{{inputs.parameters.ksu_name}}"
+ - name: profile_name
+ value: "{{inputs.parameters.profile_name}}"
+ - name: profile_type
+ value: "{{inputs.parameters.profile_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ - name: sync
+ value: "{{inputs.parameters.sync}}"
+ ## Root folder of the cloned Fleet repo - Do not touch
+ - name: cloned_fleet_folder_name
+ value: "{{inputs.parameters.cloned_fleet_folder_name}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Create KSU {{inputs.parameters.ksu_name}} into {{inputs.parameters.profile_name}} profile of {{inputs.parameters.profile_type}} type @ {{inputs.parameters.project_name}} project"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
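Review bot: The default for `helmrepo_ns` under `spec.arguments.parameters` is written as `valueFrom.expression: "{{inputs.parameters.target_ns}}"`, but `inputs.parameters.*` exists only inside a template, so at workflow-argument level this default probably never resolves to the target namespace. Workflow-level arguments are addressed as `workflow.parameters.*`, and as far as I know Argo documents `valueFrom` on workflow arguments for ConfigMap references rather than expressions. This is worth testing by submitting the template without `helmrepo_ns`. A simpler option is to drop the default here and either require callers to pass `helmrepo_ns` or compute the fallback to `target_ns` where the value is consumed.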
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-ksu-hr.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-ksu-hr.yaml
new file mode 100644
index 0000000..b904218
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-ksu-hr.yaml
@@ -0,0 +1,284 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-create-ksu-hr-wtf
+ namespace: osm-workflows
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters - Base KSU generation from template
+ ## Relative path from "SW Catalogs" repo root
+ - name: templates_path
+ ## Should substitute environment variables in the template?
+ - name: substitute_environment
+ ## Filter for substitution of environment variables
+ - name: substitution_filter
+ ## Custom environment variables (formatted as .env), to be used for template parametrization
+ - name: custom_env_vars
+ # Specific parameters - Patch HelmRelease in KSU with inline values
+ - name: kustomization_name
+ - name: helmrelease_name
+ - name: inline_values
+ # Specific parameters - Secret generation
+ - name: is_preexisting_secret
+ - name: target_ns
+ - name: age_public_key
+ - name: values_secret_name
+ - name: secret_key
+ value: "values.yaml"
+ ################################################################
+ # This temporary secret should exist already in the `osm-workflows`
+ # namespace and contain the desired secret key-values
+ # in a well-known key (in the example, `creds`).
+ #
+ # For instance:
+ #
+ # creds: |
+ # jenkinsUser: admin
+ # jenkinsPassword: myJ3nk1n2P2ssw0rd
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ # Specific parameters - Configmap generation
+ - name: is_preexisting_cm
+ - name: values_cm_name
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ value: ""
+ # Specific parameters - KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ # By default, it will re-create the full KSU folder
+ - name: sync
+ version: "true"
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: create-ksu-hr
+
+ templates:
+ # Main template
+ - name: create-ksu-hr
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters - Base KSU generation from template
+ - name: templates_path
+ - name: substitute_environment
+ - name: substitution_filter
+ - name: custom_env_vars
+ # Specific parameters - Patch HelmRelease in KSU with inline values
+ - name: kustomization_name
+ - name: helmrelease_name
+ - name: inline_values
+ # Specific parameters - Secret generation
+ - name: is_preexisting_secret
+ - name: target_ns
+ - name: age_public_key
+ - name: values_secret_name
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ - name: secret_key
+ # Specific parameters - Configmap generation
+ - name: is_preexisting_cm
+ - name: values_cm_name
+ - name: cm_key
+ - name: cm_values
+ # Specific parameters - KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ - name: sync
+ # Debug/dry run?
+ - name: debug
+ - name: dry_run
+
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: create-ksu-oka-hr
+ templateRef:
+ name: ksu-management-wft
+ template: create-ksu-oka-hr
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # Specific parameters - Base KSU generation from template
+ - name: templates_path
+ value: "{{inputs.parameters.templates_path}}"
+ - name: substitute_environment
+ value: "{{inputs.parameters.substitute_environment}}"
+ - name: substitution_filter
+ value: "{{inputs.parameters.substitution_filter}}"
+ - name: custom_env_vars
+ value: "{{inputs.parameters.custom_env_vars}}"
+ # Specific parameters - Patch HelmRelease in KSU with inline values
+ - name: kustomization_name
+ value: "{{inputs.parameters.kustomization_name}}"
+ - name: helmrelease_name
+ value: "{{inputs.parameters.helmrelease_name}}"
+ - name: inline_values
+ value: "{{inputs.parameters.inline_values}}"
+ # Specific parameters - Secret generation
+ - name: is_preexisting_secret
+ value: "{{inputs.parameters.is_preexisting_secret}}"
+ - name: target_ns
+ value: "{{inputs.parameters.target_ns}}"
+ - name: age_public_key
+ value: "{{inputs.parameters.age_public_key}}"
+ - name: values_secret_name
+ value: "{{inputs.parameters.values_secret_name}}"
+ - name: reference_secret_for_values
+ value: "{{inputs.parameters.reference_secret_for_values}}"
+ - name: reference_key_for_values
+ value: "{{inputs.parameters.reference_key_for_values}}"
+ - name: secret_key
+ value: "{{inputs.parameters.secret_key}}"
+ # Specific parameters - Configmap generation
+ - name: is_preexisting_cm
+ value: "{{inputs.parameters.is_preexisting_cm}}"
+ - name: values_cm_name
+ value: "{{inputs.parameters.values_cm_name}}"
+ - name: cm_key
+ value: "{{inputs.parameters.cm_key}}"
+ - name: cm_values
+ value: "{{inputs.parameters.cm_values}}"
+ # Specific parameters - KSU rendering
+ - name: ksu_name
+ value: "{{inputs.parameters.ksu_name}}"
+ - name: profile_name
+ value: "{{inputs.parameters.profile_name}}"
+ - name: profile_type
+ value: "{{inputs.parameters.profile_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ - name: sync
+ value: "{{inputs.parameters.sync}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Create KSU {{inputs.parameters.ksu_name}} into {{inputs.parameters.profile_name}} profile of {{inputs.parameters.profile_type}} type @ {{inputs.parameters.project_name}} project"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
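Review bot: The `sync` argument under `spec.arguments.parameters` is declared with `version: "true"` instead of `value: "true"`, so the default described by the comment above it ("By default, it will re-create the full KSU folder") is never set. `version` is not a field of an Argo parameter. Depending on how strictly the manifest is validated, it is either rejected or `sync` is left without a default, and submission then fails unless the caller supplies it. The line should read `value: "true"`.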
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-oka.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-oka.yaml
new file mode 100644
index 0000000..5b76543
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-oka.yaml
@@ -0,0 +1,146 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-create-oka-wtf
+ namespace: osm-workflows
+spec:
+ arguments:
+ parameters:
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Temporary volume with OKA contents
+ - name: temp_volume_name
+ # Specific parameters - OKA
+ - name: oka_name
+ ## Choose among `infra-controllers`, `infra-configs`, `cloud-resources`, `apps`:
+ - name: oka_type
+ - name: project_name
+ value: "osm_admin"
+ - name: tarball_file
+ value: "true"
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: create-oka
+
+ templates:
+ # Main template
+ - name: create-oka
+ inputs:
+ parameters:
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ - name: temp_volume_name
+ - name: oka_name
+ - name: oka_type
+ - name: project_name
+ - name: tarball_file
+ - name: debug
+ - name: dry_run
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: create-oka
+ templateRef:
+ name: oka-management-wft
+ template: create-oka
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: temp_volume_name
+ value: "{{inputs.parameters.temp_volume_name}}"
+ # Specific parameters
+ - name: oka_name
+ value: "{{inputs.parameters.oka_name}}"
+ - name: oka_type
+ value: "{{inputs.parameters.oka_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ - name: tarball_file
+ value: "{{inputs.parameters.tarball_file}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Create OKA {{inputs.parameters.oka_name}} of {{inputs.parameters.oka_type}} type @ {{inputs.parameters.project_name}} project"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
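Review bot: The `commit_message` passed to `git-commit-merge-push` in the `push-to-sw-catalogs` step is assembled from the caller-supplied `oka_name`, `oka_type` and `project_name`, with no validation in this file. Argo substitutes `{{...}}` as plain text before the container starts, and `git-wft` is not visible in this hunk. If it expands `{{inputs.parameters.commit_message}}` inside a script body, quotes or shell metacharacters in those names would be parsed by the shell instead of being kept as message text. It is worth confirming that the template receives the message through an `env` entry and uses it as a quoted variable, for example `git commit -m "${COMMIT_MESSAGE}"` (variable name illustrative). The same pattern appears in the `push-to-fleet` steps of the other canned-operation files in this commit.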
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-profile.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-profile.yaml
new file mode 100644
index 0000000..b9b63ea
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-profile.yaml
@@ -0,0 +1,146 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-create-profile-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+
+ # Debugging
+ - name: dry_run
+ value: false
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: create-profile
+
+ templates:
+
+ # Main template
+ - name: create-profile
+ inputs:
+ parameters:
+ # Git repos
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+
+ # Debugging
+ - name: dry_run
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Create profile
+ - - name: create-profile
+ templateRef:
+ name: profile-management-wft
+ template: create-profile
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ # Specific parameters
+ - name: profile_name
+ value: "{{inputs.parameters.profile_name}}"
+ - name: profile_type
+ value: "{{inputs.parameters.profile_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ - name: fleet_repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Create profile {{inputs.parameters.profile_name}} of type {{inputs.parameters.profile_type}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
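Review bot: The `ttlStrategy` block is commented out in this template, so Workflows created from `full-create-profile-wft` are not removed by a TTL. The sibling canned operations (`full-create-oka-wtf`, `full-create-crossplane-providerconfig`) set 6000/6000/9000 seconds. Completed Workflow objects keep their resolved parameters, here the fleet repo URL and the name of the git credential secret, readable to anyone who can list Workflows in `osm-workflows`. Unless a cluster-wide default or an external cleaner covers this, enable the same block as the siblings: `ttlStrategy:` with `secondsAfterCompletion: 6000`, `secondsAfterSuccess: 6000` and `secondsAfterFailure: 9000`. `full-delete-cluster-wft.yaml` carries the same commented-out block.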
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-providerconfig-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-providerconfig-wft.yaml
new file mode 100644
index 0000000..eb95a9b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-providerconfig-wft.yaml
@@ -0,0 +1,207 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-create-crossplane-providerconfig
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters
+ - name: providerconfig_name
+ ## As of today, one among `azure`, `aws` or `gcp`
+ - name: provider_type
+ ## Final secret to reference from the `ProviderConfig`
+ - name: cred_secret_name
+ ## Temporary secret with secret contents for the workflow
+ ## - If `temp_cred_secret_name` is empty, assumes that the final secret already exists
+ - name: temp_cred_secret_name
+ value: ""
+ - name: temp_cred_secret_key
+ value: "creds"
+ - name: age_public_key_mgmt
+ - name: osm_project_name
+ value: "osm_admin"
+ ## Specific parameters - GCP only
+ - name: target_gcp_project
+ value: ""
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: create-crossplane-providerconfig
+
+ templates:
+
+ # Main template
+ - name: create-crossplane-providerconfig
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters
+ - name: providerconfig_name
+ - name: provider_type
+ - name: cred_secret_name
+ - name: temp_cred_secret_name
+ - name: temp_cred_secret_key
+ - name: age_public_key_mgmt
+ - name: osm_project_name
+ - name: target_gcp_project
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: create-crossplane-providerconfig
+ templateRef:
+ name: cloud-accounts-wft
+ template: create-crossplane-providerconfig
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # Specific parameters
+ - name: providerconfig_name
+ value: "{{inputs.parameters.providerconfig_name}}"
+ - name: provider_type
+ value: "{{inputs.parameters.provider_type}}"
+ - name: cred_secret_name
+ value: "{{inputs.parameters.cred_secret_name}}"
+ - name: temp_cred_secret_name
+ value: "{{inputs.parameters.temp_cred_secret_name}}"
+ - name: temp_cred_secret_key
+ value: "{{inputs.parameters.temp_cred_secret_key}}"
+ - name: age_public_key_mgmt
+ value: "{{inputs.parameters.age_public_key_mgmt}}"
+ - name: osm_project_name
+ value: "{{inputs.parameters.osm_project_name}}"
+ - name: target_gcp_project
+ value: "{{inputs.parameters.target_gcp_project}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Create ProviderConfig {{inputs.parameters.providerconfig_name}} for {{inputs.parameters.provider_type}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
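Review bot: No step in `create-crossplane-providerconfig` removes the temporary secret named by `temp_cred_secret_name`; the visible steps only generate the volumes, clone the repos, call `cloud-accounts-wft` and push. Whether the referenced template deletes it cannot be seen from this hunk, and the parameter comment does not say who is responsible. Since that secret carries the cloud-provider credentials for the workflow, its lifecycle should be stated next to the parameter, for example `## The caller must delete this temporary secret once the workflow has finished`, or the equivalent wording if `cloud-accounts-wft` already removes it.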
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-cluster-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-cluster-wft.yaml
new file mode 100644
index 0000000..7ef0dc2
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-cluster-wft.yaml
@@ -0,0 +1,140 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-delete-cluster-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: project_name
+ value: "osm_admin"
+
+ # Debugging
+ - name: dry_run
+ value: false
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: delete-cluster
+
+ templates:
+
+ # Main template
+ - name: delete-cluster
+ inputs:
+ parameters:
+ # Git repos
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: project_name
+
+ # Debugging
+ - name: dry_run
+
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: delete-cluster
+ templateRef:
+ name: cluster-management-wft
+ template: delete-cluster
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ # Specific parameters
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Delete cluster {{inputs.parameters.cluster_kustomization_name}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
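Review bot: The `ttlStrategy` block under `spec` is left commented out, so workflows created from `full-delete-cluster-wft` get no expiry from this template and stay in `osm-workflows` until something else removes them (a controller-wide default TTL may exist, but this hunk does not show one). Each retained Workflow object records its input parameters, here the fleet repo URL and the name of the git credential secret, and presumably keeps the volume from `generate-fleet-volume-repo` alive if that PVC is owned by the workflow. I would enable the block with the values full-delete-ksu.yaml uses: `ttlStrategy:` with `secondsAfterCompletion: 6000`, `secondsAfterSuccess: 6000` and `secondsAfterFailure: 9000`. The same commented-out block appears in full-delete-profile.yaml, full-detach-profile.yaml and full-disconnect-flux-remote-cluster-wft.yaml.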
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-ksu.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-ksu.yaml
new file mode 100644
index 0000000..b933cc9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-ksu.yaml
@@ -0,0 +1,176 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-delete-ksu-wtf
+ namespace: osm-workflows
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters - KSU id
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: delete-ksu
+
+ templates:
+ # Main template
+ - name: delete-ksu
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters - KSU id
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ # Debug/dry run?
+ - name: debug
+ - name: dry_run
+
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: delete-ksu
+ templateRef:
+ name: ksu-management-wft
+ template: delete-ksu
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # Specific parameters - KSU id
+ - name: ksu_name
+ value: "{{inputs.parameters.ksu_name}}"
+ - name: profile_name
+ value: "{{inputs.parameters.profile_name}}"
+ - name: profile_type
+ value: "{{inputs.parameters.profile_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Delete KSU {{inputs.parameters.ksu_name}} from {{inputs.parameters.profile_name}} profile of {{inputs.parameters.profile_type}} type @ {{inputs.parameters.project_name}} project"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
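Review bot: `metadata.name` is `full-delete-ksu-wtf`, while the other templates visible in this diff use the `-wft` suffix (`full-delete-cluster-wft`, `git-wft`, `ksu-management-wft`), so this looks like a transposition rather than a deliberate name. Anything that submits or references the template by name has to repeat the misspelling, and a caller that follows the convention will fail to resolve it. I would change the line to `name: full-delete-ksu-wft`. full-delete-oka.yaml has the same slip in `name: full-delete-oka-wtf`.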
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-oka.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-oka.yaml
new file mode 100644
index 0000000..c39c595
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-oka.yaml
@@ -0,0 +1,136 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-delete-oka-wtf
+ namespace: osm-workflows
+spec:
+ arguments:
+ parameters:
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters - OKA
+ - name: oka_name
+ ## Choose among `infra-controllers`, `infra-configs`, `cloud-resources`, `apps`:
+ - name: oka_type
+ - name: project_name
+ value: "osm_admin"
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: delete-oka
+
+ templates:
+ # Main template
+ - name: delete-oka
+ inputs:
+ parameters:
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ - name: oka_name
+ - name: oka_type
+ - name: project_name
+ - name: debug
+ - name: dry_run
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: delete-oka
+ templateRef:
+ name: oka-management-wft
+ template: delete-oka
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # Specific parameters
+ - name: oka_name
+ value: "{{inputs.parameters.oka_name}}"
+ - name: oka_type
+ value: "{{inputs.parameters.oka_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Delete OKA {{inputs.parameters.oka_name}} of {{inputs.parameters.oka_type}} type @ {{inputs.parameters.project_name}} project"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
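Review bot: The allowed values of `oka_type` are stated only in the comment above the parameter in `spec.arguments`, so any string is accepted and forwarded to `oka-management-wft` and into the commit message. This is a delete operation that presumably uses the type to locate content in the sw-catalogs repo (the `delete-oka` template is outside this hunk), so I would constrain the declaration with `enum: [infra-controllers, infra-configs, cloud-resources, apps]`. An unexpected value can then be rejected at submission instead of reaching the script. `provider_type` in full-delete-providerconfig-wft.yaml is documented the same way (`azure`, `aws` or `gcp`) and could take the same treatment.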
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-profile.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-profile.yaml
new file mode 100644
index 0000000..8f127d2
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-profile.yaml
@@ -0,0 +1,144 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-delete-profile-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+
+ # Debugging
+ - name: dry_run
+ value: false
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: delete-profile
+
+ templates:
+
+ # Main template
+ - name: delete-profile
+ inputs:
+ parameters:
+ # Git repos
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+
+ # Debugging
+ - name: dry_run
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Delete profile
+ - - name: delete-profile
+ templateRef:
+ name: profile-management-wft
+ template: delete-profile
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ # Specific parameters
+ - name: profile_name
+ value: "{{inputs.parameters.profile_name}}"
+ - name: profile_type
+ value: "{{inputs.parameters.profile_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Delete profile {{inputs.parameters.profile_name}} of type {{inputs.parameters.profile_type}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
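Review bot: The `dry_run` default in `spec.arguments` is written as a bare YAML boolean, `value: false`, whereas full-delete-ksu.yaml, full-delete-oka.yaml and full-delete-providerconfig-wft.yaml in this same commit quote it as `value: "false"`. Argo converts parameter values to strings, so this is a consistency point rather than a bug, but the flag is forwarded to `git-commit-merge-push`, which presumably compares it as text. I would write `value: "false"` here and in full-delete-cluster-wft.yaml and full-detach-profile.yaml, so every template declares the flag the same way.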
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-providerconfig-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-providerconfig-wft.yaml
new file mode 100644
index 0000000..6a59d34
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-delete-providerconfig-wft.yaml
@@ -0,0 +1,180 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-delete-crossplane-providerconfig
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters
+ - name: providerconfig_name
+ ## As of today, one among `azure`, `aws` or `gcp`
+ - name: provider_type
+ - name: osm_project_name
+ value: "osm_admin"
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: delete-crossplane-providerconfig
+
+ templates:
+
+ # Main template
+ - name: delete-crossplane-providerconfig
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters
+ - name: providerconfig_name
+ - name: provider_type
+ - name: osm_project_name
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: delete-crossplane-providerconfig
+ templateRef:
+ name: cloud-accounts-wft
+ template: delete-crossplane-providerconfig
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # Specific parameters
+ - name: providerconfig_name
+ value: "{{inputs.parameters.providerconfig_name}}"
+ - name: provider_type
+ value: "{{inputs.parameters.provider_type}}"
+ - name: osm_project_name
+ value: "{{inputs.parameters.osm_project_name}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Delete ProviderConfig {{inputs.parameters.providerconfig_name}} for {{inputs.parameters.provider_type}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
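Review bot: `commit_message` in the `push-to-fleet` step is assembled from the caller-supplied `providerconfig_name` and `provider_type` and handed to `git-wft` with no constraint on their content. Argo substitutes `{{...}}` parameters as plain text, and `git-commit-merge-push` is defined outside this hunk, so it cannot be checked here whether the message reaches git as data (an environment variable or a file) or is inlined into the script source. I would record the requirement next to the parameter, e.g. `# commit_message carries caller-supplied names: git-commit-merge-push must read it from an env var, never inline it into the script`, and confirm the template does so. The other `push-to-fleet` and `push-to-sw-catalogs` steps in this commit build their messages the same way.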
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-detach-profile.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-detach-profile.yaml
new file mode 100644
index 0000000..9d56489
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-detach-profile.yaml
@@ -0,0 +1,150 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-detach-profile-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ - name: cluster_kustomization_name
+
+ # Debugging
+ - name: dry_run
+ value: false
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: detach-profile
+
+ templates:
+
+ # Main template
+ - name: detach-profile
+ inputs:
+ parameters:
+ # Git repos
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ - name: cluster_kustomization_name
+
+ # Debugging
+ - name: dry_run
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Detach profile from cluster
+ - - name: detach-profile
+ templateRef:
+ name: profile-management-wft
+ template: detach-profile-from-cluster
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ # Specific parameters
+ - name: profile_name
+ value: "{{inputs.parameters.profile_name}}"
+ - name: profile_type
+ value: "{{inputs.parameters.profile_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ - name: fleet_repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Detach {{inputs.parameters.profile_name}} profile from {{inputs.parameters.cluster_kustomization_name}} cluster"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-disconnect-flux-remote-cluster-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-disconnect-flux-remote-cluster-wft.yaml
new file mode 100644
index 0000000..d2daa5b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-disconnect-flux-remote-cluster-wft.yaml
@@ -0,0 +1,142 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-disconnect-flux-remote-cluster-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: mgmt_project_name
+ value: "osm_admin"
+
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: disconnect-remote-cluster
+
+ templates:
+
+ # Main template
+ - name: disconnect-remote-cluster
+ inputs:
+ parameters:
+ # Git repos
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: mgmt_project_name
+
+ # Debugging
+ - name: debug
+ - name: dry_run
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Disconnect the remote cluster
+ - - name: disconnect-flux-remote-cluster
+ templateRef:
+ name: cluster-management-wft
+ template: disconnect-flux-remote-cluster
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+
+ # Specific parameters
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+ - name: mgmt_project_name
+ value: "{{inputs.parameters.mgmt_project_name}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Disconnect imported cluster {{inputs.parameters.cluster_kustomization_name}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
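Review bot: `debug` is declared at workflow level and required by the `disconnect-remote-cluster` template, but no step receives it, so setting it has no effect; the crossplane update workflow in this commit does forward it to its transformation step. The `disconnect-flux-remote-cluster` step also omits `fleet_mount_path`, which the detach-profile step in the previous file passes as `"/fleet"`. Unless the referenced template in `cluster-management-wft` (not visible in this hunk) defaults both, add `- name: fleet_mount_path` with `value: "/fleet"` and `- name: debug` with `value: "{{inputs.parameters.debug}}"` to that step's parameters.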
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-aks-cluster.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-aks-cluster.yaml
new file mode 100644
index 0000000..711cf4d
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-aks-cluster.yaml
@@ -0,0 +1,199 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-update-aks-cluster-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters - AKS cluster
+ - name: cluster_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: rg_name
+ - name: k8s_version
+ - name: providerconfig_name
+ - name: cluster_kustomization_name
+
+ # Debugging
+ - name: dry_run
+ value: false
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: update-aks-cluster
+
+ templates:
+
+ # Main template
+ - name: update-aks-cluster
+ inputs:
+ parameters:
+ # Git repos
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters - AKS cluster
+ - name: cluster_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: rg_name
+ - name: k8s_version
+ - name: providerconfig_name
+ - name: cluster_kustomization_name
+
+ # Debugging
+ - name: dry_run
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Update cluster definition
+ - - name: update-cluster-aks
+ templateRef:
+ name: cluster-management-wft
+ template: create-cluster-aks
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ # Specific parameters
+ - name: cluster_name
+ value: "{{inputs.parameters.cluster_name}}"
+ - name: vm_size
+ value: "{{inputs.parameters.vm_size}}"
+ - name: node_count
+ value: "{{inputs.parameters.node_count}}"
+ - name: cluster_location
+ value: "{{inputs.parameters.cluster_location}}"
+ - name: rg_name
+ value: "{{inputs.parameters.rg_name}}"
+ - name: k8s_version
+ value: "{{inputs.parameters.k8s_version}}"
+ - name: providerconfig_name
+ value: "{{inputs.parameters.providerconfig_name}}"
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Update AKS cluster {{inputs.parameters.cluster_kustomization_name}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
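Review bot: Caller-supplied parameters (`cluster_name`, `rg_name`, `k8s_version`, …) are forwarded verbatim to `create-cluster-aks`, and `cluster_kustomization_name` is also spliced into `commit_message` for `git-commit-merge-push`, with no validation visible in this file. Argo substitutes `{{inputs.parameters.*}}` as plain text, so if either referenced template places these values in a script body rather than passing them through environment variables, quotes or shell metacharacters in a name would be interpreted by the shell. That should be confirmed in `cluster-management-wft` and `git-wft`, which are outside this hunk; the `push-to-fleet` steps of the other canned operations in this commit follow the same pattern. Separately, the step named `update-cluster-aks` invokes `create-cluster-aks`; if that reuse is intentional, a comment such as `# NOTE: update deliberately reuses the create-cluster-aks template` would say so. The `dry_run` default is the unquoted boolean `false` where the sibling files use `value: "false"`.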
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-crossplane-cluster-and-bootstrap-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-crossplane-cluster-and-bootstrap-wft.yaml
new file mode 100644
index 0000000..3e661c4
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-crossplane-cluster-and-bootstrap-wft.yaml
@@ -0,0 +1,284 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-update-crossplane-cluster-and-bootstrap-wft
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters - Generic cluster creation
+ - name: cluster_kustomization_name
+ - name: cluster_name
+ - name: cluster_type
+ - name: providerconfig_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: k8s_version
+
+ # Specific parameters - Bootstrap and credentials
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ value: "agekey"
+ # Using `git_fleet_url` instead:
+ # - name: fleet_repo_url
+ # Using `git_sw_catalogs_url` instead:
+ # - name: sw_catalogs_repo_url
+ - name: mgmt_project_name
+ value: "osm_admin"
+
+ # Specific parameters - AKS only
+ - name: rg_name
+ values: ""
+
+ # Specific parameters - GKE only
+ - name: preemptible_nodes
+ values: "false"
+
+ # Advanced parameters - Recommended to keep defaults
+ - name: mgmt_cluster_name
+ value: "_management"
+ - name: base_templates_path
+ value: "cloud-resources"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ - name: cloned_sw_catalogs_folder_name
+ value: "sw-catalogs-osm"
+
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+
+ # # Cleanup policy
+ # ttlStrategy:
+ # secondsAfterCompletion: 100 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ # secondsAfterSuccess: 50 # Time to live after workflow is successful
+ # secondsAfterFailure: 50 # Time to live after workflow fails
+
+ entrypoint: update-cluster-and-bootstrap
+
+ templates:
+ # Main template
+ - name: update-cluster-and-bootstrap
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters
+ - name: cluster_kustomization_name
+ - name: cluster_name
+ - name: cluster_type
+ - name: providerconfig_name
+ - name: vm_size
+ - name: node_count
+ - name: cluster_location
+ - name: k8s_version
+ - name: public_key_mgmt
+ - name: public_key_new_cluster
+ - name: secret_name_private_age_key_for_new_cluster
+ - name: key_name_in_secret
+ # - name: fleet_repo_url
+ # - name: sw_catalogs_repo_url
+ - name: mgmt_project_name
+ # - name: skip_bootstrap
+ ## AKS only (otherwise, ignored)
+ - name: rg_name
+ ## GKE only (otherwise, ignored)
+ - name: preemptible_nodes
+ # Other parameters - Recommended to keep defaults
+ - name: mgmt_cluster_name
+ - name: base_templates_path
+ - name: cloned_fleet_folder_name
+ - name: cloned_sw_catalogs_folder_name
+ # Debug/dry run?
+ - name: debug
+ - name: dry_run
+
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ # Create cluster in target cloud
+ - - name: update-cluster
+ templateRef:
+ name: cluster-management-wft
+ template: update-crossplane-cluster
+ arguments:
+ parameters:
+ # Volumes with cloned repos
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_mount_path
+ value: "/sw-catalogs"
+ # Specific parameters
+ - name: cluster_kustomization_name
+ value: "{{inputs.parameters.cluster_kustomization_name}}"
+ - name: cluster_name
+ value: "{{inputs.parameters.cluster_name}}"
+ - name: cluster_type
+ value: "{{inputs.parameters.cluster_type}}"
+ - name: providerconfig_name
+ value: "{{inputs.parameters.providerconfig_name}}"
+ - name: vm_size
+ value: "{{inputs.parameters.vm_size}}"
+ - name: node_count
+ value: "{{inputs.parameters.node_count}}"
+ - name: cluster_location
+ value: "{{inputs.parameters.cluster_location}}"
+ - name: k8s_version
+ value: "{{inputs.parameters.k8s_version}}"
+ - name: public_key_mgmt
+ value: "{{inputs.parameters.public_key_mgmt}}"
+ - name: public_key_new_cluster
+ value: "{{inputs.parameters.public_key_new_cluster}}"
+ - name: secret_name_private_age_key_for_new_cluster
+ value: "{{inputs.parameters.secret_name_private_age_key_for_new_cluster}}"
+ - name: key_name_in_secret
+ value: "{{inputs.parameters.key_name_in_secret}}"
+ ## Fed with `git_fleet_url` to avoid duplicates
+ - name: fleet_repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ ## Fed with `git_sw_catalogs_url` to avoid duplicates
+ - name: sw_catalogs_repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: mgmt_project_name
+ value: "{{inputs.parameters.mgmt_project_name}}"
+ # - name: skip_bootstrap
+ # value: "{{inputs.parameters.skip_bootstrap}}"
+ ## AKS only
+ - name: rg_name
+ value: "{{inputs.parameters.rg_name}}"
+ ## GKE only
+ - name: preemptible_nodes
+ value: "{{inputs.parameters.preemptible_nodes}}"
+ # Other parameters - Recommended to keep defaults
+ - name: mgmt_cluster_name
+ value: "{{inputs.parameters.mgmt_cluster_name}}"
+ - name: base_templates_path
+ value: "{{inputs.parameters.base_templates_path}}"
+ - name: cloned_fleet_folder_name
+ value: "{{inputs.parameters.cloned_fleet_folder_name}}"
+ - name: cloned_sw_catalogs_folder_name
+ value: "{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Create AKS cluster {{inputs.parameters.cluster_kustomization_name}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
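Review bot: The defaults for `rg_name` and `preemptible_nodes` under `spec.arguments` use the key `values:` instead of `value:`, so neither parameter gets its intended default. Depending on how strictly the manifest is validated, it is either rejected or a non-AKS/non-GKE run has to supply both explicitly; the lines should read `value: ""` and `value: "false"`. The `push-to-fleet` commit message is `Create AKS cluster …` in a workflow that updates a cluster of any `cluster_type`, which will mislead anyone auditing the fleet repo history; `value: "Update cluster {{inputs.parameters.cluster_kustomization_name}}"` matches what the step does. The comment `# Create cluster in target cloud` above the `update-cluster` step carries the same copy-paste wording.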
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-ksu-generated-hr.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-ksu-generated-hr.yaml
new file mode 100644
index 0000000..35f2ef3
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-ksu-generated-hr.yaml
@@ -0,0 +1,278 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-update-ksu-generated-hr-wtf
+ namespace: osm-workflows
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # HelmRelease generation
+ - name: helmrelease_name
+ - name: chart_name
+ - name: chart_version
+ - name: target_ns
+ - name: create_ns
+ # Repo source generation
+ - name: is_preexisting_repo
+ value: "false"
+ - name: helmrepo_name
+ - name: helmrepo_url
+ - name: helmrepo_ns
+ valueFrom:
+ expression: "{{inputs.parameters.target_ns}}"
+ - name: helmrepo_secret_ref
+ # HelmRelease inline values (if any)
+ - name: inline_values
+ value: ""
+ # Secret reference and generation (if required)
+ - name: is_preexisting_secret
+ value: "false"
+ - name: values_secret_name
+ - name: secret_key
+ value: "values.yaml"
+ - name: age_public_key
+ ################################################################
+ ## A temporary secret should exist already in the `osm-workflows`
+ ## namespace containing the desired secret key-values
+ ## in a well-known key (in the example, `creds`).
+ ##
+ ## For instance:
+ ##
+ ## creds: |
+ ## jenkinsUser: admin
+ ## jenkinsPassword: myJ3nk1n2P2ssw0rd
+ ##
+ ## Secret values will be obtained from the
+ ## secret named after the input parameter `reference_secret_for_values`,
+ ## and from the key named after the input parameter `reference_key_for_values`
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ # ConfigMap reference and generation (if required)
+ - name: is_preexisting_cm
+ - name: values_cm_name
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ value: ""
+ # KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ ## Root folder of the cloned Fleet repo - Do not touch
+ ### `FLEET_REPO_DIR` is the result of:
+ ### "{{inputs.parameters.fleet_mount_path}}/{{inputs.parameters.cloned_fleet_folder_name}}"
+ - name: cloned_fleet_folder_name
+ value: "fleet-osm"
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: update-ksu-hr
+
+ templates:
+ # Main template
+ - name: update-ksu-hr
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # HelmRelease generation
+ - name: helmrelease_name
+ - name: chart_name
+ - name: chart_version
+ - name: target_ns
+ - name: create_ns
+ # Repo source generation
+ - name: is_preexisting_repo
+ - name: helmrepo_name
+ - name: helmrepo_url
+ - name: helmrepo_ns
+ - name: helmrepo_secret_ref
+ # HelmRelease inline values (if any)
+ - name: inline_values
+ # Secret reference and generation (if required)
+ - name: is_preexisting_secret
+ - name: values_secret_name
+ - name: secret_key
+ - name: age_public_key
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ # ConfigMap reference and generation (if required)
+ - name: is_preexisting_cm
+ - name: values_cm_name
+ - name: cm_key
+ - name: cm_values
+ # KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ - name: cloned_fleet_folder_name
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: update-ksu-generated-hr
+ templateRef:
+ name: ksu-management-wft
+ template: update-ksu-generated-hr
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: fleet_mount_path
+ value: "/fleet"
+ # HelmRelease generation
+ - name: helmrelease_name
+ value: "{{inputs.parameters.helmrelease_name}}"
+ - name: chart_name
+ value: "{{inputs.parameters.chart_name}}"
+ - name: chart_version
+ value: "{{inputs.parameters.chart_version}}"
+ - name: target_ns
+ value: "{{inputs.parameters.target_ns}}"
+ - name: create_ns
+ value: "{{inputs.parameters.create_ns}}"
+ # Repo source generation
+ - name: is_preexisting_repo
+ value: "{{inputs.parameters.is_preexisting_repo}}"
+ - name: helmrepo_name
+ value: "{{inputs.parameters.helmrepo_name}}"
+ - name: helmrepo_url
+ value: "{{inputs.parameters.helmrepo_url}}"
+ - name: helmrepo_ns
+ value: "{{inputs.parameters.helmrepo_ns}}"
+ - name: helmrepo_secret_ref
+ value: "{{inputs.parameters.helmrepo_secret_ref}}"
+ # HelmRelease inline values (if any)
+ - name: inline_values
+ value: "{{inputs.parameters.inline_values}}"
+ # Secret reference and generation (if required)
+ - name: is_preexisting_secret
+ value: "{{inputs.parameters.is_preexisting_secret}}"
+ - name: values_secret_name
+ value: "{{inputs.parameters.values_secret_name}}"
+ - name: secret_key
+ value: "{{inputs.parameters.secret_key}}"
+ - name: age_public_key
+ value: "{{inputs.parameters.age_public_key}}"
+ ## Secret values will be obtained from this key in this secret
+ - name: reference_secret_for_values
+ value: "{{inputs.parameters.reference_secret_for_values}}"
+ - name: reference_key_for_values
+ value: "{{inputs.parameters.reference_key_for_values}}"
+ # ConfigMap reference and generation (if required)
+ - name: is_preexisting_cm
+ value: "{{inputs.parameters.is_preexisting_cm}}"
+ - name: values_cm_name
+ value: "{{inputs.parameters.values_cm_name}}"
+ - name: cm_key
+ value: "{{inputs.parameters.cm_key}}"
+ - name: cm_values
+ value: "{{inputs.parameters.cm_values}}"
+ # KSU rendering
+ - name: ksu_name
+ value: "{{inputs.parameters.ksu_name}}"
+ - name: profile_name
+ value: "{{inputs.parameters.profile_name}}"
+ - name: profile_type
+ value: "{{inputs.parameters.profile_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ ## Root folder of the cloned Fleet repo - Do not touch
+ - name: cloned_fleet_folder_name
+ value: "{{inputs.parameters.cloned_fleet_folder_name}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Update KSU {{inputs.parameters.ksu_name}} of {{inputs.parameters.profile_name}} profile of {{inputs.parameters.profile_type}} type @ {{inputs.parameters.project_name}} project"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
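Review bot: The `helmrepo_ns` default under `spec.arguments` uses `valueFrom.expression` with `{{inputs.parameters.target_ns}}`, but `inputs.parameters` appears to be out of scope at workflow-argument level, so this default is unlikely to resolve to the target namespace. Consider `workflow.parameters.target_ns`, or set the default where the `update-ksu-hr` inputs are declared, and test with a submission that omits `helmrepo_ns`. The template name ends in `-wtf` while the others in this commit end in `-wft` (e.g. `full-update-aks-cluster-wft`); `name: full-update-ksu-generated-hr-wft` would keep `templateRef` names predictable, and `full-update-ksu-hr-wtf` in the next file has the same typo. `is_preexisting_cm` also has no default, although `is_preexisting_repo` and `is_preexisting_secret` default to `"false"`.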
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-ksu-hr.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-ksu-hr.yaml
new file mode 100644
index 0000000..3d35084
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-ksu-hr.yaml
@@ -0,0 +1,278 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-update-ksu-hr-wtf
+ namespace: osm-workflows
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters - Base KSU generation from template
+ ## Relative path from "SW Catalogs" repo root
+ - name: templates_path
+ ## Should substitute environment variables in the template?
+ - name: substitute_environment
+ ## Filter for substitution of environment variables
+ - name: substitution_filter
+ ## Custom environment variables (formatted as .env), to be used for template parametrization
+ - name: custom_env_vars
+ # Specific parameters - Patch HelmRelease in KSU with inline values
+ - name: kustomization_name
+ - name: helmrelease_name
+ - name: inline_values
+ # Specific parameters - Secret generation
+ - name: is_preexisting_secret
+ - name: target_ns
+ - name: age_public_key
+ - name: values_secret_name
+ - name: secret_key
+ value: "values.yaml"
+ ################################################################
+ # This temporary secret should exist already in the `osm-workflows`
+ # namespace and contain the desired secret key-values
+ # in a well-known key (in the example, `creds`).
+ #
+ # For instance:
+ #
+ # creds: |
+ # jenkinsUser: admin
+ # jenkinsPassword: myJ3nk1n2P2ssw0rd
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ # Specific parameters - Configmap generation
+ - name: is_preexisting_cm
+ - name: values_cm_name
+ - name: cm_key
+ value: "values.yaml"
+ - name: cm_values
+ value: ""
+ # Specific parameters - KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ value: "osm_admin"
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: update-ksu-hr
+
+ templates:
+ # Main template
+ - name: update-ksu-hr
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters - Base KSU generation from template
+ - name: templates_path
+ - name: substitute_environment
+ - name: substitution_filter
+ - name: custom_env_vars
+ # Specific parameters - Patch HelmRelease in KSU with inline values
+ - name: kustomization_name
+ - name: helmrelease_name
+ - name: inline_values
+ # Specific parameters - Secret generation
+ - name: is_preexisting_secret
+ - name: target_ns
+ - name: age_public_key
+ - name: values_secret_name
+ - name: reference_secret_for_values
+ - name: reference_key_for_values
+ - name: secret_key
+ # Specific parameters - Configmap generation
+ - name: is_preexisting_cm
+ - name: values_cm_name
+ - name: cm_key
+ - name: cm_values
+ # Specific parameters - KSU rendering
+ - name: ksu_name
+ - name: profile_name
+ - name: profile_type
+ - name: project_name
+ # Debug/dry run?
+ - name: debug
+ - name: dry_run
+
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: update-ksu-oka-hr
+ templateRef:
+ name: ksu-management-wft
+ template: update-ksu-oka-hr
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # Specific parameters - Base KSU generation from template
+ - name: templates_path
+ value: "{{inputs.parameters.templates_path}}"
+ - name: substitute_environment
+ value: "{{inputs.parameters.substitute_environment}}"
+ - name: substitution_filter
+ value: "{{inputs.parameters.substitution_filter}}"
+ - name: custom_env_vars
+ value: "{{inputs.parameters.custom_env_vars}}"
+ # Specific parameters - Patch HelmRelease in KSU with inline values
+ - name: kustomization_name
+ value: "{{inputs.parameters.kustomization_name}}"
+ - name: helmrelease_name
+ value: "{{inputs.parameters.helmrelease_name}}"
+ - name: inline_values
+ value: "{{inputs.parameters.inline_values}}"
+ # Specific parameters - Secret generation
+ - name: is_preexisting_secret
+ value: "{{inputs.parameters.is_preexisting_secret}}"
+ - name: target_ns
+ value: "{{inputs.parameters.target_ns}}"
+ - name: age_public_key
+ value: "{{inputs.parameters.age_public_key}}"
+ - name: values_secret_name
+ value: "{{inputs.parameters.values_secret_name}}"
+ - name: reference_secret_for_values
+ value: "{{inputs.parameters.reference_secret_for_values}}"
+ - name: reference_key_for_values
+ value: "{{inputs.parameters.reference_key_for_values}}"
+ - name: secret_key
+ value: "{{inputs.parameters.secret_key}}"
+ # Specific parameters - Configmap generation
+ - name: is_preexisting_cm
+ value: "{{inputs.parameters.is_preexisting_cm}}"
+ - name: values_cm_name
+ value: "{{inputs.parameters.values_cm_name}}"
+ - name: cm_key
+ value: "{{inputs.parameters.cm_key}}"
+ - name: cm_values
+ value: "{{inputs.parameters.cm_values}}"
+ # Specific parameters - KSU rendering
+ - name: ksu_name
+ value: "{{inputs.parameters.ksu_name}}"
+ - name: profile_name
+ value: "{{inputs.parameters.profile_name}}"
+ - name: profile_type
+ value: "{{inputs.parameters.profile_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Update KSU {{inputs.parameters.ksu_name}} of {{inputs.parameters.profile_name}} profile of {{inputs.parameters.profile_type}} type @ {{inputs.parameters.project_name}} project"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
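Review bot: `inline_values`, `custom_env_vars` and `cm_values` under `spec.arguments.parameters` are ordinary workflow parameters, so whatever a caller puts in them is recorded in clear in the Workflow object. The `ttlStrategy` in this file keeps that object for 6000 to 9000 seconds after the run, readable by anyone allowed to get workflows in `osm-workflows`. The file already offers `reference_secret_for_values` / `reference_key_for_values` for secret material, but nothing next to the free-text parameters steers callers to that path. I would add a comment above `inline_values` and `custom_env_vars`, e.g. `## Stored in clear in the Workflow object: never put credentials here, use reference_secret_for_values`. What happens to the values afterwards is decided in `ksu-management-wft`, which is outside this hunk.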
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-oka.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-oka.yaml
new file mode 100644
index 0000000..dd563d9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-oka.yaml
@@ -0,0 +1,146 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-update-oka-wtf
+ namespace: osm-workflows
+spec:
+ arguments:
+ parameters:
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Temporary volume with OKA contents
+ - name: temp_volume_name
+ # Specific parameters - OKA
+ - name: oka_name
+ ## Choose among `infra-controllers`, `infra-configs`, `cloud-resources`, `apps`:
+ - name: oka_type
+ - name: project_name
+ value: "osm_admin"
+ - name: tarball_file
+ value: "true"
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: update-oka
+
+ templates:
+ # Main template
+ - name: update-oka
+ inputs:
+ parameters:
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ - name: temp_volume_name
+ - name: oka_name
+ - name: oka_type
+ - name: project_name
+ - name: tarball_file
+ - name: debug
+ - name: dry_run
+ steps:
+ # ------ Preparations for transaction
+ - - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: update-oka
+ templateRef:
+ name: oka-management-wft
+ template: update-oka
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: temp_volume_name
+ value: "{{inputs.parameters.temp_volume_name}}"
+ # Specific parameters
+ - name: oka_name
+ value: "{{inputs.parameters.oka_name}}"
+ - name: oka_type
+ value: "{{inputs.parameters.oka_type}}"
+ - name: project_name
+ value: "{{inputs.parameters.project_name}}"
+ - name: tarball_file
+ value: "{{inputs.parameters.tarball_file}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Update OKA {{inputs.parameters.oka_name}} of {{inputs.parameters.oka_type}} type @ {{inputs.parameters.project_name}} project"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
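Review bot: `oka_type` is documented as one of `infra-controllers`, `infra-configs`, `cloud-resources`, `apps`, but it is declared without any constraint, so any string is forwarded to `oka-management-wft`. Argo parameters accept an `enum` list, which should reject other values when the workflow is submitted: `enum: ["infra-controllers", "infra-configs", "cloud-resources", "apps"]` under `- name: oka_type`. This matters most if the value becomes a path component inside the SW-Catalogs clone, which seems likely but is not visible here. `provider_type` in full-update-providerconfig-wft.yaml (`azure`, `aws`, `gcp`) has the same gap.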
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-providerconfig-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-providerconfig-wft.yaml
new file mode 100644
index 0000000..6e17e9b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-update-providerconfig-wft.yaml
@@ -0,0 +1,207 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: full-update-crossplane-providerconfig
+ namespace: osm-workflows
+
+spec:
+ arguments:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+
+ # Specific parameters
+ - name: providerconfig_name
+ ## As of today, one among `azure`, `aws` or `gcp`
+ - name: provider_type
+ ## Final secret to reference from the `ProviderConfig`
+ - name: cred_secret_name
+ ## Temporary secret with secret contents for the workflow
+ ## - If `temp_cred_secret_name` is empty, assumes that the final secret already exists
+ - name: temp_cred_secret_name
+ value: ""
+ - name: temp_cred_secret_key
+ value: "creds"
+ - name: age_public_key_mgmt
+ - name: osm_project_name
+ value: "osm_admin"
+ ## Specific parameters - GCP only
+ - name: target_gcp_project
+ value: ""
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ # Cleanup policy
+ ttlStrategy:
+ secondsAfterCompletion: 6000 # Time to live after workflow is completed, replaces ttlSecondsAfterFinished
+ secondsAfterSuccess: 6000 # Time to live after workflow is successful
+ secondsAfterFailure: 9000 # Time to live after workflow fails
+
+ entrypoint: update-crossplane-providerconfig
+
+ templates:
+
+ # Main template
+ - name: update-crossplane-providerconfig
+ inputs:
+ parameters:
+ # Fleet repo
+ - name: git_fleet_url
+ - name: fleet_destination_folder
+ - name: git_fleet_cred_secret
+ # SW-Catalogs repo
+ - name: git_sw_catalogs_url
+ - name: sw_catalogs_destination_folder
+ - name: git_sw_catalogs_cred_secret
+ # Specific parameters
+ - name: providerconfig_name
+ - name: provider_type
+ - name: cred_secret_name
+ - name: temp_cred_secret_name
+ - name: temp_cred_secret_key
+ - name: age_public_key_mgmt
+ - name: osm_project_name
+ - name: target_gcp_project
+ # Debug/dry run?
+ - name: debug
+ value: "false"
+ - name: dry_run
+ value: "false"
+
+ steps:
+
+ # ------ Preparations for transaction
+ - - name: generate-fleet-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - name: generate-sw-catalogs-volume-repo
+ templateRef:
+ name: k8s-resources-wft
+ template: generate-volume
+ arguments:
+ parameters:
+ - name: pvc-size
+ value: '100Mi'
+ - - name: clone-fleet
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_url
+ value: "{{inputs.parameters.git_fleet_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: clone-sw-catalogs
+ templateRef:
+ name: git-wft
+ template: git-clone
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/sw-catalogs"
+ - name: repo_url
+ value: "{{inputs.parameters.git_sw_catalogs_url}}"
+ - name: destination_folder
+ value: "{{inputs.parameters.sw_catalogs_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_sw_catalogs_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # ------ end of preparations for transaction
+
+ # ------ Transformations
+ - - name: update-crossplane-providerconfig
+ templateRef:
+ name: cloud-accounts-wft
+ template: update-crossplane-providerconfig
+ arguments:
+ parameters:
+ # References to required external resources
+ - name: fleet_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: sw_catalogs_volume_name
+ value: '{{steps.generate-sw-catalogs-volume-repo.outputs.parameters.pvc-name}}'
+ # Specific parameters
+ - name: providerconfig_name
+ value: "{{inputs.parameters.providerconfig_name}}"
+ - name: provider_type
+ value: "{{inputs.parameters.provider_type}}"
+ - name: cred_secret_name
+ value: "{{inputs.parameters.cred_secret_name}}"
+ - name: temp_cred_secret_name
+ value: "{{inputs.parameters.temp_cred_secret_name}}"
+ - name: temp_cred_secret_key
+ value: "{{inputs.parameters.temp_cred_secret_key}}"
+ - name: age_public_key_mgmt
+ value: "{{inputs.parameters.age_public_key_mgmt}}"
+ - name: osm_project_name
+ value: "{{inputs.parameters.osm_project_name}}"
+ - name: target_gcp_project
+ value: "{{inputs.parameters.target_gcp_project}}"
+ # Debug?
+ - name: debug
+ value: "{{inputs.parameters.debug}}"
+ # ------ end of transformations
+
+ # ------ Commit transaction
+ - - name: push-to-fleet
+ templateRef:
+ name: git-wft
+ template: git-commit-merge-push
+ arguments:
+ parameters:
+ - name: mount_path
+ value: "/fleet"
+ - name: repo_folder
+ value: "{{inputs.parameters.fleet_destination_folder}}"
+ - name: git_cred_secret
+ value: "{{inputs.parameters.git_fleet_cred_secret}}"
+ - name: git_volume_name
+ value: '{{steps.generate-fleet-volume-repo.outputs.parameters.pvc-name}}'
+ - name: commit_message
+ value: "Update ProviderConfig {{inputs.parameters.providerconfig_name}} for {{inputs.parameters.provider_type}}"
+ - name: main_branch
+ value: main
+ - name: contrib_branch
+ value: osm_contrib
+ - name: dry_run
+ value: "{{inputs.parameters.dry_run}}"
+# ------ end of commit transaction
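Review bot: The `update-crossplane-providerconfig` step receives `temp_cred_secret_name` and `temp_cred_secret_key` together with the caller-controlled `debug` flag, and nothing in this file says what `debug` is allowed to print. If `cloud-accounts-wft` (not in this hunk) enables shell tracing or dumps intermediate manifests in debug mode, the decoded cloud credential would end up in the pod log, which can outlive the temporary secret. I would state the contract at the declaration, e.g. `## debug must never echo secret contents; keep "false" outside troubleshooting` above `- name: debug`, and confirm the referenced template honours it.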
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/argo-workflows/manifests/argo-namespace.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/argo-workflows/manifests/argo-namespace.yaml
new file mode 100644
index 0000000..6dc94f9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/argo-workflows/manifests/argo-namespace.yaml
@@ -0,0 +1,23 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: argo
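Review bot: The `argo` Namespace is created without labels, so Pod Security Admission for the namespace hosting the workflow controller is left at whatever the cluster-wide default is. Adding `labels:` with `pod-security.kubernetes.io/enforce: baseline` under `metadata` would keep privileged or host-namespace pods out of it. `restricted` is worth trying if the controller and server pods defined in argo-wf-controller.yaml already run as non-root, which I have not checked.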
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/argo-workflows/manifests/argo-wf-controller.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/argo-workflows/manifests/argo-wf-controller.yaml
new file mode 100644
index 0000000..103ba4b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/argo-workflows/manifests/argo-wf-controller.yaml
@@ -0,0 +1,1369 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# This is an auto-generated file. DO NOT EDIT
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterworkflowtemplates.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: ClusterWorkflowTemplate
+ listKind: ClusterWorkflowTemplateList
+ plural: clusterworkflowtemplates
+ shortNames:
+ - clusterwftmpl
+ - cwft
+ singular: clusterworkflowtemplate
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: cronworkflows.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: CronWorkflow
+ listKind: CronWorkflowList
+ plural: cronworkflows
+ shortNames:
+ - cwf
+ - cronwf
+ singular: cronworkflow
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowartifactgctasks.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowArtifactGCTask
+ listKind: WorkflowArtifactGCTaskList
+ plural: workflowartifactgctasks
+ shortNames:
+ - wfat
+ singular: workflowartifactgctask
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workfloweventbindings.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowEventBinding
+ listKind: WorkflowEventBindingList
+ plural: workfloweventbindings
+ shortNames:
+ - wfeb
+ singular: workfloweventbinding
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflows.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: Workflow
+ listKind: WorkflowList
+ plural: workflows
+ shortNames:
+ - wf
+ singular: workflow
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Status of the workflow
+ jsonPath: .status.phase
+ name: Status
+ type: string
+ - description: When the workflow was started
+ format: date-time
+ jsonPath: .status.startedAt
+ name: Age
+ type: date
+ - description: Human readable message indicating details about why the workflow
+ is in this condition.
+ jsonPath: .status.message
+ name: Message
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowtaskresults.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowTaskResult
+ listKind: WorkflowTaskResultList
+ plural: workflowtaskresults
+ singular: workflowtaskresult
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ message:
+ type: string
+ metadata:
+ type: object
+ outputs:
+ properties:
+ artifacts:
+ items:
+ properties:
+ archive:
+ properties:
+ none:
+ type: object
+ tar:
+ properties:
+ compressionLevel:
+ format: int32
+ type: integer
+ type: object
+ zip:
+ type: object
+ type: object
+ archiveLogs:
+ type: boolean
+ artifactGC:
+ properties:
+ podMetadata:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ type: string
+ strategy:
+ enum:
+ - ""
+ - OnWorkflowCompletion
+ - OnWorkflowDeletion
+ - Never
+ type: string
+ type: object
+ artifactory:
+ properties:
+ passwordSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ url:
+ type: string
+ usernameSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - url
+ type: object
+ azure:
+ properties:
+ accountKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ blob:
+ type: string
+ container:
+ type: string
+ endpoint:
+ type: string
+ useSDKCreds:
+ type: boolean
+ required:
+ - blob
+ - container
+ - endpoint
+ type: object
+ deleted:
+ type: boolean
+ from:
+ type: string
+ fromExpression:
+ type: string
+ gcs:
+ properties:
+ bucket:
+ type: string
+ key:
+ type: string
+ serviceAccountKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - key
+ type: object
+ git:
+ properties:
+ branch:
+ type: string
+ depth:
+ format: int64
+ type: integer
+ disableSubmodules:
+ type: boolean
+ fetch:
+ items:
+ type: string
+ type: array
+ insecureIgnoreHostKey:
+ type: boolean
+ passwordSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ repo:
+ type: string
+ revision:
+ type: string
+ singleBranch:
+ type: boolean
+ sshPrivateKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ usernameSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - repo
+ type: object
+ globalName:
+ type: string
+ hdfs:
+ properties:
+ addresses:
+ items:
+ type: string
+ type: array
+ force:
+ type: boolean
+ hdfsUser:
+ type: string
+ krbCCacheSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ krbConfigConfigMap:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ krbKeytabSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ krbRealm:
+ type: string
+ krbServicePrincipalName:
+ type: string
+ krbUsername:
+ type: string
+ path:
+ type: string
+ required:
+ - path
+ type: object
+ http:
+ properties:
+ auth:
+ properties:
+ basicAuth:
+ properties:
+ passwordSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ usernameSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ clientCert:
+ properties:
+ clientCertSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ clientKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ oauth2:
+ properties:
+ clientIDSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ clientSecretSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ endpointParams:
+ items:
+ properties:
+ key:
+ type: string
+ value:
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ scopes:
+ items:
+ type: string
+ type: array
+ tokenURLSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ type: object
+ headers:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ url:
+ type: string
+ required:
+ - url
+ type: object
+ mode:
+ format: int32
+ type: integer
+ name:
+ type: string
+ optional:
+ type: boolean
+ oss:
+ properties:
+ accessKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ bucket:
+ type: string
+ createBucketIfNotPresent:
+ type: boolean
+ endpoint:
+ type: string
+ key:
+ type: string
+ lifecycleRule:
+ properties:
+ markDeletionAfterDays:
+ format: int32
+ type: integer
+ markInfrequentAccessAfterDays:
+ format: int32
+ type: integer
+ type: object
+ secretKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ securityToken:
+ type: string
+ useSDKCreds:
+ type: boolean
+ required:
+ - key
+ type: object
+ path:
+ type: string
+ raw:
+ properties:
+ data:
+ type: string
+ required:
+ - data
+ type: object
+ recurseMode:
+ type: boolean
+ s3:
+ properties:
+ accessKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ bucket:
+ type: string
+ caSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ createBucketIfNotPresent:
+ properties:
+ objectLocking:
+ type: boolean
+ type: object
+ encryptionOptions:
+ properties:
+ enableEncryption:
+ type: boolean
+ kmsEncryptionContext:
+ type: string
+ kmsKeyId:
+ type: string
+ serverSideCustomerKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ endpoint:
+ type: string
+ insecure:
+ type: boolean
+ key:
+ type: string
+ region:
+ type: string
+ roleARN:
+ type: string
+ secretKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ useSDKCreds:
+ type: boolean
+ type: object
+ subPath:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ exitCode:
+ type: string
+ parameters:
+ items:
+ properties:
+ default:
+ type: string
+ description:
+ type: string
+ enum:
+ items:
+ type: string
+ type: array
+ globalName:
+ type: string
+ name:
+ type: string
+ value:
+ type: string
+ valueFrom:
+ properties:
+ configMapKeyRef:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ default:
+ type: string
+ event:
+ type: string
+ expression:
+ type: string
+ jqFilter:
+ type: string
+ jsonPath:
+ type: string
+ parameter:
+ type: string
+ path:
+ type: string
+ supplied:
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ result:
+ type: string
+ type: object
+ phase:
+ type: string
+ progress:
+ type: string
+ required:
+ - metadata
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowtasksets.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowTaskSet
+ listKind: WorkflowTaskSetList
+ plural: workflowtasksets
+ shortNames:
+ - wfts
+ singular: workflowtaskset
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowtemplates.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowTemplate
+ listKind: WorkflowTemplateList
+ plural: workflowtemplates
+ shortNames:
+ - wftmpl
+ singular: workflowtemplate
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argo
+ namespace: argo
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argo-server
+ namespace: argo
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argo-role
+ namespace: argo
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ name: argo-aggregate-to-admin
+rules:
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ - workflows/finalizers
+ - workfloweventbindings
+ - workfloweventbindings/finalizers
+ - workflowtemplates
+ - workflowtemplates/finalizers
+ - cronworkflows
+ - cronworkflows/finalizers
+ - clusterworkflowtemplates
+ - clusterworkflowtemplates/finalizers
+ - workflowtasksets
+ - workflowtasksets/finalizers
+ - workflowtaskresults
+ - workflowtaskresults/finalizers
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ name: argo-aggregate-to-edit
+rules:
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ - workflows/finalizers
+ - workfloweventbindings
+ - workfloweventbindings/finalizers
+ - workflowtemplates
+ - workflowtemplates/finalizers
+ - cronworkflows
+ - cronworkflows/finalizers
+ - clusterworkflowtemplates
+ - clusterworkflowtemplates/finalizers
+ - workflowtaskresults
+ - workflowtaskresults/finalizers
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ name: argo-aggregate-to-view
+rules:
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ - workflows/finalizers
+ - workfloweventbindings
+ - workfloweventbindings/finalizers
+ - workflowtemplates
+ - workflowtemplates/finalizers
+ - cronworkflows
+ - cronworkflows/finalizers
+ - clusterworkflowtemplates
+ - clusterworkflowtemplates/finalizers
+ - workflowtaskresults
+ - workflowtaskresults/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: argo-cluster-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/exec
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ - persistentvolumeclaims/finalizers
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ - workflows/finalizers
+ - workflowtasksets
+ - workflowtasksets/finalizers
+ - workflowartifactgctasks
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+ - create
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflowtemplates
+ - workflowtemplates/finalizers
+ - clusterworkflowtemplates
+ - clusterworkflowtemplates/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflowtaskresults
+ verbs:
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - argoproj.io
+ resources:
+ - cronworkflows
+ - cronworkflows/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - get
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: argo-server-cluster-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/exec
+ - pods/log
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - watch
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - argoproj.io
+ resources:
+ - eventsources
+ - sensors
+ - workflows
+ - workfloweventbindings
+ - workflowtemplates
+ - cronworkflows
+ - clusterworkflowtemplates
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argo-binding
+ namespace: argo
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argo-role
+subjects:
+- kind: ServiceAccount
+ name: argo
+ namespace: argo
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: argo-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: argo-cluster-role
+subjects:
+- kind: ServiceAccount
+ name: argo
+ namespace: argo
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: argo-server-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: argo-server-cluster-role
+subjects:
+- kind: ServiceAccount
+ name: argo-server
+ namespace: argo
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: workflow-controller-configmap
+ namespace: argo
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: argo-server
+ namespace: argo
+spec:
+ ports:
+ - name: web
+ port: 2746
+ targetPort: 2746
+ selector:
+ app: argo-server
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: workflow-controller
+value: 1000000
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: argo-server
+ namespace: argo
+spec:
+ selector:
+ matchLabels:
+ app: argo-server
+ template:
+ metadata:
+ labels:
+ app: argo-server
+ spec:
+ containers:
+ - args:
+ - server
+ env: []
+ image: quay.io/argoproj/argocli:v3.5.1
+ name: argo-server
+ ports:
+ - containerPort: 2746
+ name: web
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 2746
+ scheme: HTTPS
+ initialDelaySeconds: 10
+ periodSeconds: 20
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: argo-server
+ volumes:
+ - emptyDir: {}
+ name: tmp
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: workflow-controller
+ namespace: argo
+spec:
+ selector:
+ matchLabels:
+ app: workflow-controller
+ template:
+ metadata:
+ labels:
+ app: workflow-controller
+ spec:
+ containers:
+ - args: []
+ command:
+ - workflow-controller
+ env:
+ - name: LEADER_ELECTION_IDENTITY
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ image: quay.io/argoproj/workflow-controller:v3.5.1
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 6060
+ initialDelaySeconds: 90
+ periodSeconds: 60
+ timeoutSeconds: 30
+ name: workflow-controller
+ ports:
+ - containerPort: 9090
+ name: metrics
+ - containerPort: 6060
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: workflow-controller
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: argo
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/argo-workflows/templates/argo-workflows.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/argo-workflows/templates/argo-workflows.yaml
new file mode 100644
index 0000000..48f8312
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/argo-workflows/templates/argo-workflows.yaml
@@ -0,0 +1,55 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: argo
+
+---
+# Base Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: argo-workflows
+ namespace: argo
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./infra-controllers/argo-workflows/manifests
+ prune: true
+
+ # (optional - comment otherwise) Set argo-server authentication
+ patches:
+ - target:
+ group: apps
+ version: v1
+ kind: Deployment
+ name: argo-server
+ patch: |-
+ - op: replace
+ path: /spec/template/spec/containers/0/args
+ value:
+ - server
+ - --auth-mode=server
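Review bot: The patch at the end of this file sets `--auth-mode=server`, a mode in which argo-server does not authenticate callers and serves every request with its own service account. In this commit that account is bound cluster-wide to `argo-server-cluster-role`, which can get and create secrets and create or delete workflows, so anyone who can reach port 2746 inherits those rights. I would default to `- --auth-mode=client`, where callers present their own Kubernetes bearer token, and keep server mode as the commented-out option. The comment above `patches:` should then say so, for example `# server mode disables client authentication; use only where the argo-server Service is unreachable by untrusted clients`.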
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/cert-manager/manifests/cert-manager-chart.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/cert-manager/manifests/cert-manager-chart.yaml
new file mode 100644
index 0000000..863fa1c
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/cert-manager/manifests/cert-manager-chart.yaml
@@ -0,0 +1,52 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: cert-manager
+ namespace: cert-manager
+spec:
+ interval: 24h
+ url: https://charts.jetstack.io
+
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: cert-manager
+ namespace: cert-manager
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: cert-manager
+ version: "1.x"
+ sourceRef:
+ kind: HelmRepository
+ name: cert-manager
+ namespace: cert-manager
+ interval: 12h
+ values:
+ installCRDs: true
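Review bot: `version: "1.x"` in the HelmRelease is a floating range, so a chart reconcile (`interval: 12h`) can roll the cluster onto a new cert-manager release from charts.jetstack.io with no change in git. That bypasses the reviewable-change property the GitOps flow is meant to give. Pin an exact chart version, e.g. `version: "<exact-chart-version>"`, and bump it by commit. I believe newer cert-manager charts replace `installCRDs` with `crds.enabled`, so the value on the last line should be checked against the version chosen.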
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/cert-manager/templates/cert-manager-ks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/cert-manager/templates/cert-manager-ks.yaml
new file mode 100644
index 0000000..68c3581
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/cert-manager/templates/cert-manager-ks.yaml
@@ -0,0 +1,31 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cert-manager
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ path: ./infra-controllers/cert-manager/manifests
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/crossplane-helmrelease.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/crossplane-helmrelease.yaml
new file mode 100644
index 0000000..9c49bdd
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/crossplane-helmrelease.yaml
@@ -0,0 +1,38 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Helm release for controller
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: crossplane
+ namespace: crossplane-system
+spec:
+ chart:
+ spec:
+ chart: crossplane
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: crossplane-stable
+ namespace: crossplane-system
+ install:
+ createNamespace: true
+ interval: 30s
+ releaseName: crossplane
+ targetNamespace: crossplane-system
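Review bot: `chart.spec` has no `version`, so Flux installs whatever chart is latest in `crossplane-stable`. With `interval: 30s` here and on the HelmRepository in crossplane-helmrepo.yaml, an upstream release reaches the management cluster within about a minute of publication, without any git change. Add `version: "<exact-chart-version>"` under `chart.spec`. Both intervals could be relaxed towards the `30m` and `24h` used for cert-manager in this commit, which also avoids polling a public index twice a minute.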
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/crossplane-helmrepo.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/crossplane-helmrepo.yaml
new file mode 100644
index 0000000..5e63ea4
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/crossplane-helmrepo.yaml
@@ -0,0 +1,26 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: crossplane-stable
+ namespace: crossplane-system
+spec:
+ interval: 30s
+ url: https://charts.crossplane.io/stable
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/crossplane-namespace.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/crossplane-namespace.yaml
new file mode 100644
index 0000000..ca673b2
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/crossplane-namespace.yaml
@@ -0,0 +1,23 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: crossplane-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/kustomization.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/kustomization.yaml
new file mode 100644
index 0000000..7fe8247
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/manifests/kustomization.yaml
@@ -0,0 +1,23 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - crossplane-namespace.yaml
+ - crossplane-helmrepo.yaml
+ - crossplane-helmrelease.yaml
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/templates/crossplane.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/templates/crossplane.yaml
new file mode 100644
index 0000000..720202b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/controller/templates/crossplane.yaml
@@ -0,0 +1,41 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: crossplane-system
+
+---
+# Crossplane controller
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: crossplane-controller
+ namespace: crossplane-system
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./infra-controllers/crossplane/controller/manifests
+ prune: true
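Review bot: The `crossplane-system` Namespace declared at the top of this file is declared again in manifests/crossplane-namespace.yaml, which the `crossplane-controller` Kustomization below applies with `prune: true`. The HelmRelease additionally sets `install.createNamespace: true`. If this template is itself applied by a Flux Kustomization (not visible here), two reconcilers own the same object, and removing either could prune a namespace the other still needs. Keep the Namespace in one place, presumably here since the Kustomization object lives in it, and drop `- crossplane-namespace.yaml` from the manifests `kustomization.yaml`.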
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-ec2.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-ec2.yaml
new file mode 100644
index 0000000..692e39c
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-ec2.yaml
@@ -0,0 +1,27 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# CRDs for general EC2 compute services
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-aws-ec2
+spec:
+ package: xpkg.upbound.io/upbound/provider-aws-ec2:v1.4.0
+
+
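Review bot: The provider package is referenced by tag only (`provider-aws-ec2:v1.4.0`), and a tag in an OCI registry can be repointed. This commit therefore does not fix the code that will presumably run with the cluster's AWS credentials. Consider pinning by digest, e.g. `package: xpkg.upbound.io/upbound/provider-aws-ec2@sha256:<digest>`, with the human-readable version kept in a comment. The same applies to provider-eks.yaml, provider-iam.yaml and provider-vpc.yaml.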
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-eks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-eks.yaml
new file mode 100644
index 0000000..ec3fc55
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-eks.yaml
@@ -0,0 +1,26 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# CRDs for EKS service
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-aws-eks
+spec:
+ package: xpkg.upbound.io/upbound/provider-aws-eks:v1.4.0
+
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-iam.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-iam.yaml
new file mode 100644
index 0000000..4aa50e8
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-iam.yaml
@@ -0,0 +1,27 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# CRDs for IAM service
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-aws-iam
+spec:
+ package: xpkg.upbound.io/upbound/provider-aws-iam:v1.4.0
+
+
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-vpc.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-vpc.yaml
new file mode 100644
index 0000000..cfa9a02
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/manifests/provider-vpc.yaml
@@ -0,0 +1,26 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# CRDs for VPC service
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-aws-vpc
+spec:
+ package: xpkg.upbound.io/upbound/provider-aws-vpc:v1.4.0
+
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/templates/crossplane-aws-providers.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/templates/crossplane-aws-providers.yaml
new file mode 100644
index 0000000..19325a2
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/aws/templates/crossplane-aws-providers.yaml
@@ -0,0 +1,35 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# AWS Upbound lightweight provider families
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: aws-providers
+ namespace: crossplane-system
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./infra-controllers/crossplane/providers/aws/manifests
+ prune: true
+
\ No newline at end of file
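Review bot: This Kustomization sets no `spec.serviceAccountName`, so Flux applies everything under `./infra-controllers/crossplane/providers/aws/manifests` with the kustomize-controller's own service account, which in a default Flux install is bound to cluster-admin. The path only needs to create `pkg.crossplane.io` Provider objects, so consider `serviceAccountName: <provider-installer-sa>` bound to a role limited to those resources. The object also lives in `crossplane-system` while its `sourceRef` points at `flux-system`; that stops reconciling if the controllers are started with `--no-cross-namespace-refs=true`, so a comment such as `# requires cross-namespace source refs to be allowed` would help. crossplane-azure-providers.yaml and crossplane-gcp-providers.yaml have the same shape, ingress-nginx-ks.yaml likewise omits `serviceAccountName`, and this file ends without a trailing newline.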
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/azure/manifests/provider-azure-container.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/azure/manifests/provider-azure-container.yaml
new file mode 100644
index 0000000..41b1d79
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/azure/manifests/provider-azure-container.yaml
@@ -0,0 +1,23 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-azure-containerservice
+spec:
+ package: xpkg.upbound.io/upbound/provider-azure-containerservice:v0.37.1
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/azure/manifests/provider-azure-dbformysql.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/azure/manifests/provider-azure-dbformysql.yaml
new file mode 100644
index 0000000..317e70d
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/azure/manifests/provider-azure-dbformysql.yaml
@@ -0,0 +1,24 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-azure-dbformysql
+spec:
+ package: xpkg.upbound.io/upbound/provider-azure-dbformysql:v0.38.2
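Review bot: `provider-azure-dbformysql:v0.38.2` does not match `provider-azure-containerservice:v0.37.1` in provider-azure-container.yaml, whereas the AWS and GCP manifests in this change keep each family on a single version (v1.4.0 and v1.2.0). Both packages presumably depend on the same Azure family provider, so mixed versions may leave one of them running against a family version it was not released with; worth confirming and aligning the two. If the difference is deliberate, record it with a comment such as `# intentionally newer than containerservice: <reason>`. This file also opens with a `---` document marker while provider-azure-container.yaml does not.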
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/azure/templates/crossplane-azure-providers.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/azure/templates/crossplane-azure-providers.yaml
new file mode 100644
index 0000000..436a9ff
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/azure/templates/crossplane-azure-providers.yaml
@@ -0,0 +1,34 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Azure providers
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: azure-providers
+ namespace: crossplane-system
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./infra-controllers/crossplane/providers/azure/manifests
+ prune: true
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/gcp/manifests/provider-gcp-cloudplatform.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/gcp/manifests/provider-gcp-cloudplatform.yaml
new file mode 100644
index 0000000..8f3f708
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/gcp/manifests/provider-gcp-cloudplatform.yaml
@@ -0,0 +1,25 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# CRDs for general CGP management
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-gcp-cloudplatform
+spec:
+ package: xpkg.upbound.io/upbound/provider-gcp-cloudplatform:v1.2.0
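Review bot: The comment `# CRDs for general CGP management` has a typo and should read `# CRDs for general GCP management`. A few words on why this provider is installed alongside provider-gcp-container would also make the split between the two GCP manifests easier to follow.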
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/gcp/manifests/provider-gcp-container.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/gcp/manifests/provider-gcp-container.yaml
new file mode 100644
index 0000000..e7b5487
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/gcp/manifests/provider-gcp-container.yaml
@@ -0,0 +1,25 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# CRDs for K8s and other container services
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-gcp-container
+spec:
+ package: xpkg.upbound.io/upbound/provider-gcp-container:v1.2.0
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/gcp/templates/crossplane-gcp-providers.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/gcp/templates/crossplane-gcp-providers.yaml
new file mode 100644
index 0000000..972bc89
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/crossplane/providers/gcp/templates/crossplane-gcp-providers.yaml
@@ -0,0 +1,34 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# GCP providers
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: gcp-providers
+ namespace: crossplane-system
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./infra-controllers/crossplane/providers/gcp/manifests
+ prune: true
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/ingress-nginx/manifests/ingress-nginx.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/ingress-nginx/manifests/ingress-nginx.yaml
new file mode 100644
index 0000000..eb8ed2f
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/ingress-nginx/manifests/ingress-nginx.yaml
@@ -0,0 +1,56 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ingress-nginx
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: ingress-nginx
+ namespace: ingress-nginx
+spec:
+ interval: 24h
+ url: https://kubernetes.github.io/ingress-nginx
+
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: ingress-nginx
+ namespace: ingress-nginx
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: ingress-nginx
+ version: "*"
+ sourceRef:
+ kind: HelmRepository
+ name: ingress-nginx
+ namespace: ingress-nginx
+ interval: 12h
+ values:
+ controller:
+ service:
+ type: "NodePort"
+ admissionWebhooks:
+ enabled: false
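Review bot: `version: "*"` in the HelmRelease chart spec lets Flux install whatever ingress-nginx chart release is newest at each 12h chart check, so the cluster's ingress controller can change without any commit in the GitOps repository. Pin it to a reviewed release, `version: "<pinned-chart-version>"`, and bump it through git the same way the Crossplane provider packages are versioned. `admissionWebhooks.enabled: false` also turns off the chart's Ingress validating webhook with no explanation; a comment such as `# admission webhook disabled because <reason>` would record whether that is deliberate. `helm.toolkit.fluxcd.io/v2beta1` and `source.toolkit.fluxcd.io/v1beta2` are older API versions than the `kustomize.toolkit.fluxcd.io/v1` used elsewhere in this change, so check whether the targeted Flux release already serves the newer ones.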
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/ingress-nginx/templates/ingress-nginx-ks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/ingress-nginx/templates/ingress-nginx-ks.yaml
new file mode 100644
index 0000000..dc6c6cf
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/ingress-nginx/templates/ingress-nginx-ks.yaml
@@ -0,0 +1,31 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: ingress-nginx
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ path: ./infra-controllers/ingress-nginx/manifests
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/grafana.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/grafana.yaml
new file mode 100644
index 0000000..6b49072
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/grafana.yaml
@@ -0,0 +1,1158 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Source: grafana/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ helm.sh/chart: grafana-6.57.4
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: grafana
+ app.kubernetes.io/version: "9.5.5"
+ app.kubernetes.io/managed-by: Helm
+ name: grafana
+ namespace: istio-system
+---
+# Source: grafana/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: grafana
+ namespace: istio-system
+ labels:
+ helm.sh/chart: grafana-6.57.4
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: grafana
+ app.kubernetes.io/version: "9.5.5"
+ app.kubernetes.io/managed-by: Helm
+data:
+ grafana.ini: |
+ [analytics]
+ check_for_updates = true
+ [grafana_net]
+ url = https://grafana.net
+ [log]
+ mode = console
+ [paths]
+ data = /var/lib/grafana/
+ logs = /var/log/grafana
+ plugins = /var/lib/grafana/plugins
+ provisioning = /etc/grafana/provisioning
+ [server]
+ domain = ''
+ datasources.yaml: |
+ apiVersion: 1
+ datasources:
+ - access: proxy
+ editable: true
+ isDefault: true
+ jsonData:
+ timeInterval: 5s
+ name: Prometheus
+ orgId: 1
+ type: prometheus
+ url: http://prometheus:9090
+ - access: proxy
+ editable: true
+ isDefault: false
+ jsonData:
+ timeInterval: 5s
+ name: Loki
+ orgId: 1
+ type: loki
+ url: http://loki:3100
+ dashboardproviders.yaml: |
+ apiVersion: 1
+ providers:
+ - disableDeletion: false
+ folder: istio
+ name: istio
+ options:
+ path: /var/lib/grafana/dashboards/istio
+ orgId: 1
+ type: file
+ - disableDeletion: false
+ folder: istio
+ name: istio-services
+ options:
+ path: /var/lib/grafana/dashboards/istio-services
+ orgId: 1
+ type: file
+---
+# Source: grafana/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: grafana
+ namespace: istio-system
+ labels:
+ helm.sh/chart: grafana-6.57.4
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: grafana
+ app.kubernetes.io/version: "9.5.5"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - name: service
+ port: 3000
+ protocol: TCP
+ targetPort: 3000
+ selector:
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: grafana
+---
+# Source: grafana/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: grafana
+ namespace: istio-system
+ labels:
+ helm.sh/chart: grafana-6.57.4
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: grafana
+ app.kubernetes.io/version: "9.5.5"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: grafana
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: grafana
+ app: grafana
+ sidecar.istio.io/inject: "false"
+ annotations:
+ checksum/config: aec3d18ca2ea82d1d48f8965db1440aba0680ed2f32c5a29e6cdb5e7afc8b395
+ checksum/dashboards-json-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
+ checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
+ kubectl.kubernetes.io/default-container: grafana
+ spec:
+
+ serviceAccountName: grafana
+ automountServiceAccountToken: true
+ securityContext:
+ fsGroup: 472
+ runAsGroup: 472
+ runAsNonRoot: true
+ runAsUser: 472
+ enableServiceLinks: true
+ containers:
+ - name: grafana
+ image: "docker.io/grafana/grafana:9.5.5"
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - name: config
+ mountPath: "/etc/grafana/grafana.ini"
+ subPath: grafana.ini
+ - name: storage
+ mountPath: "/var/lib/grafana"
+ - name: dashboards-istio
+ mountPath: "/var/lib/grafana/dashboards/istio"
+ - name: dashboards-istio-services
+ mountPath: "/var/lib/grafana/dashboards/istio-services"
+ - name: config
+ mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
+ subPath: "datasources.yaml"
+ - name: config
+ mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
+ subPath: "dashboardproviders.yaml"
+ ports:
+ - name: grafana
+ containerPort: 3000
+ protocol: TCP
+ - name: gossip-tcp
+ containerPort: 9094
+ protocol: TCP
+ - name: gossip-udp
+ containerPort: 9094
+ protocol: UDP
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: GF_PATHS_DATA
+ value: /var/lib/grafana/
+ - name: GF_PATHS_LOGS
+ value: /var/log/grafana
+ - name: GF_PATHS_PLUGINS
+ value: /var/lib/grafana/plugins
+ - name: GF_PATHS_PROVISIONING
+ value: /etc/grafana/provisioning
+ - name: "GF_AUTH_ANONYMOUS_ENABLED"
+ value: "true"
+ - name: "GF_AUTH_ANONYMOUS_ORG_ROLE"
+ value: "Admin"
+ - name: "GF_AUTH_BASIC_ENABLED"
+ value: "false"
+ - name: "GF_SECURITY_ADMIN_PASSWORD"
+ value: "admin"
+ - name: "GF_SECURITY_ADMIN_USER"
+ value: "admin"
+ livenessProbe:
+ failureThreshold: 10
+ httpGet:
+ path: /api/health
+ port: 3000
+ initialDelaySeconds: 60
+ timeoutSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /api/health
+ port: 3000
+ volumes:
+ - name: config
+ configMap:
+ name: grafana
+ - name: dashboards-istio
+ configMap:
+ name: istio-grafana-dashboards
+ - name: dashboards-istio-services
+ configMap:
+ name: istio-services-grafana-dashboards
+ - name: storage
+ emptyDir: {}
+
+---
+
+apiVersion: v1
+data:
+ istio-performance-dashboard.json: |
+ {"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":false,"gnetId":null,"graphTooltip":0,"links":[],"panels":[{"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":21,"panels":[{"content":"The charts on this dashboard are intended to show Istio main components cost in terms of resources utilization under steady load.\n\n- **vCPU / 1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred / sec:** shows the number of bytes flowing through each Istio component.\n\n\n","gridPos":{"h":6,"w":24,"x":0,"y":1},"id":19,"links":[],"mode":"markdown","timeFrom":null,"timeShift":null,"title":"Performance Dashboard README","transparent":true,"type":"text"}],"title":"Performance Dashboard Notes","type":"row"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":1},"id":6,"panels":[],"title":"vCPU Usage","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":8,"w":12,"x":0,"y":2},"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_cpu_usage_seconds_total{pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m])) / 
(round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"istio-ingressgateway","refId":"A"},{"expr":"(sum(irate(container_cpu_usage_seconds_total{namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)","format":"time_series","intervalFactor":1,"legendFormat":"istio-proxy","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"vCPU / 1k rps","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":8,"w":12,"x":12,"y":2},"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(container_cpu_usage_seconds_total{pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"istio-ingressgateway","refId":"A"},{"expr":"sum(rate(container_cpu_usage_seconds_total{namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"istio-proxy","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"vCPU","tooltip":{"shared"
:true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":10},"id":13,"panels":[],"title":"Memory and Data Rates","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":8,"w":12,"x":0,"y":11},"id":902,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{pod=~\"istio-ingressgateway-.*\"}) / count(container_memory_working_set_bytes{pod=~\"istio-ingressgateway-.*\",container!=\"POD\"})","format":"time_series","intervalFactor":1,"legendFormat":"per istio-ingressgateway","refId":"A"},{"expr":"sum(container_memory_working_set_bytes{namespace!=\"istio-system\",container=\"istio-proxy\"}) / count(container_memory_working_set_bytes{namespace!=\"istio-system\",container=\"istio-proxy\"})","format":"time_series","intervalFactor":1,"legendFormat":"per istio proxy","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Memory 
Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":8,"w":12,"x":12,"y":11},"id":11,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"istio-ingressgateway","refId":"A"},{"expr":"sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"istio-proxy","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Bytes transferred / sec","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":19},"id":17,"panels":[],"title":"Istio Component 
Versions","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":8,"w":24,"x":0,"y":20},"id":15,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(istio_build) by (component, tag)","format":"time_series","intervalFactor":1,"legendFormat":"{{ component }}: {{ tag }}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Istio Components by Version","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":31},"id":71,"panels":[],"title":"Proxy Resource Usage","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":0,"y":32},"id":72,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{container=\"istio-proxy\"})","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Total 
(k8s)","refId":"A","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Memory","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":6,"y":32},"id":73,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(container_cpu_usage_seconds_total{container=\"istio-proxy\"}[1m]))","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Total 
(k8s)","refId":"A","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"vCPU","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":12,"y":32},"id":702,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_fs_usage_bytes{container=\"istio-proxy\"})","format":"time_series","intervalFactor":2,"legendFormat":"Total (k8s)","refId":"A","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Disk","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":"","logBase":1,"max":null,"min":null,"show":true},{"decimals":null,"format":"none","label":"","logBase":1024,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":39},"id":69,"panels":[],"title":"Istiod Resource 
Usage","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":0,"y":40},"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"process_virtual_memory_bytes{app=\"istiod\"}","format":"time_series","instant":false,"intervalFactor":2,"legendFormat":"Virtual Memory","refId":"I","step":2},{"expr":"process_resident_memory_bytes{app=\"istiod\"}","format":"time_series","intervalFactor":2,"legendFormat":"Resident Memory","refId":"H","step":2},{"expr":"go_memstats_heap_sys_bytes{app=\"istiod\"}","format":"time_series","hide":true,"intervalFactor":2,"legendFormat":"heap sys","refId":"A"},{"expr":"go_memstats_heap_alloc_bytes{app=\"istiod\"}","format":"time_series","hide":true,"intervalFactor":2,"legendFormat":"heap alloc","refId":"D"},{"expr":"go_memstats_alloc_bytes{app=\"istiod\"}","format":"time_series","intervalFactor":2,"legendFormat":"Alloc","refId":"F","step":2},{"expr":"go_memstats_heap_inuse_bytes{app=\"istiod\"}","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Heap in-use","refId":"E","step":2},{"expr":"go_memstats_stack_inuse_bytes{app=\"istiod\"}","format":"time_series","intervalFactor":2,"legendFormat":"Stack in-use","refId":"G","step":2},{"expr":"sum(container_memory_working_set_bytes{container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"})","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Total (k8s)","refId":"C","step":2},{"expr":"container_memory_working_set_bytes{container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"{{ container }} 
(k8s)","refId":"B","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Memory","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":6,"y":40},"id":602,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(container_cpu_usage_seconds_total{container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}[1m]))","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Total (k8s)","refId":"A","step":2},{"expr":"sum(rate(container_cpu_usage_seconds_total{container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}[1m])) by (container)","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"{{ container }} (k8s)","refId":"B","step":2},{"expr":"irate(process_cpu_seconds_total{app=\"istiod\"}[1m])","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"pilot 
(self-reported)","refId":"C","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"vCPU","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":12,"y":40},"id":74,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"process_open_fds{app=\"istiod\"}","format":"time_series","hide":true,"instant":false,"interval":"","intervalFactor":2,"legendFormat":"Open FDs (pilot)","refId":"A"},{"expr":"container_fs_usage_bytes{ container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{ container 
}}","refId":"B","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Disk","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":"","logBase":1,"max":null,"min":null,"show":true},{"decimals":null,"format":"none","label":"","logBase":1024,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":18,"y":40},"id":402,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":false,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{app=\"istiod\"}","format":"time_series","intervalFactor":2,"legendFormat":"Number of 
Goroutines","refId":"A","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Goroutines","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":"","logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}}],"refresh":"10s","schemaVersion":18,"style":"dark","tags":[],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"includeAll":false,"label":null,"multi":false,"name":"datasource","options":[],"query":"prometheus","queryValue":"","refresh":1,"regex":"","skipUrlSync":false,"type":"datasource"}]},"time":{"from":"now-5m","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"","title":"Istio Performance Dashboard","uid":"vu8e0VWZk","version":22}
+ pilot-dashboard.json: |
+ {"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":false,"gnetId":null,"graphTooltip":1,"links":[],"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":60,"panels":[],"title":"Deployed Versions","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":5,"w":24,"x":0,"y":1},"id":56,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(istio_build{component=\"pilot\"}) by (tag)","format":"time_series","intervalFactor":1,"legendFormat":"{{ tag }}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Pilot Versions","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":6},"id":62,"panels":[],"title":"Resource 
Usage","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":0,"y":7},"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"process_virtual_memory_bytes{app=\"istiod\"}","format":"time_series","instant":false,"intervalFactor":2,"legendFormat":"Virtual Memory","refId":"I","step":2},{"expr":"process_resident_memory_bytes{app=\"istiod\"}","format":"time_series","intervalFactor":2,"legendFormat":"Resident Memory","refId":"H","step":2},{"expr":"go_memstats_heap_sys_bytes{app=\"istiod\"}","format":"time_series","hide":true,"intervalFactor":2,"legendFormat":"heap sys","refId":"A"},{"expr":"go_memstats_heap_alloc_bytes{app=\"istiod\"}","format":"time_series","hide":true,"intervalFactor":2,"legendFormat":"heap alloc","refId":"D"},{"expr":"go_memstats_alloc_bytes{app=\"istiod\"}","format":"time_series","intervalFactor":2,"legendFormat":"Alloc","refId":"F","step":2},{"expr":"go_memstats_heap_inuse_bytes{app=\"istiod\"}","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Heap in-use","refId":"E","step":2},{"expr":"go_memstats_stack_inuse_bytes{app=\"istiod\"}","format":"time_series","intervalFactor":2,"legendFormat":"Stack in-use","refId":"G","step":2},{"expr":"container_memory_working_set_bytes{container=~\"discovery\", pod=~\"istiod-.*|istio-pilot-.*\"}","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Discovery (container)","refId":"B","step":2},{"expr":"container_memory_working_set_bytes{container=~\"istio-proxy\", pod=~\"istiod-.*|istio-pilot-.*\"}","format":"time_series","intervalFactor":1,"legendFormat":"Sidecar 
(container)","refId":"C"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Memory","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":6,"y":7},"id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(irate(container_cpu_usage_seconds_total{container=\"discovery\", pod=~\"istiod-.*|istio-pilot-.*\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"Discovery (container)","refId":"A"},{"expr":"irate(process_cpu_seconds_total{app=\"istiod\"}[1m])","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Discovery (process)","refId":"C","step":2},{"expr":"sum(irate(container_cpu_usage_seconds_total{container=\"istio-proxy\", pod=~\"istiod-.*|istio-pilot-.*\"}[1m]))","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Sidecar 
(container)","refId":"B","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"CPU","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":12,"y":7},"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"container_fs_usage_bytes{container=\"discovery\", pod=~\"istiod-.*|istio-pilot-.*\"}","format":"time_series","intervalFactor":2,"legendFormat":"Discovery","refId":"B","step":2},{"expr":"container_fs_usage_bytes{container=\"istio-proxy\", 
pod=~\"istiod-.*|istio-pilot-.*\"}","format":"time_series","intervalFactor":1,"legendFormat":"Sidecar","refId":"A"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Disk","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":"","logBase":1,"max":null,"min":null,"show":true},{"decimals":null,"format":"none","label":"","logBase":1024,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":7,"w":6,"x":18,"y":7},"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":false,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{app=\"istiod\"}","format":"time_series","intervalFactor":2,"legendFormat":"Number of Goroutines","refId":"A","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Goroutines","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":"","logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":14},"id":58,"panels":[],"title":"Pilot Push Information","type":"row"},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"Prometheus","description":"Shows the rate of pilot 
pushes","fill":1,"gridPos":{"h":8,"w":8,"x":0,"y":15},"id":622,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":false,"linewidth":1,"links":[],"nullPointMode":"null as zero","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"Cluster","refId":"C"},{"expr":"sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"Endpoints","refId":"D"},{"expr":"sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"Listeners","refId":"A"},{"expr":"sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"Routes","refId":"E"},{"expr":"sum(irate(pilot_xds_pushes{type=\"sds\"}[1m]))","interval":"","legendFormat":"Secrets","refId":"B"},{"expr":"sum(irate(pilot_xds_pushes{type=\"nds\"}[1m]))","interval":"","legendFormat":"Nametables","refId":"F"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Pilot Pushes","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":["total"]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":"0","show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","description":"Captures a variety of pilot 
errors","fill":1,"gridPos":{"h":8,"w":8,"x":8,"y":15},"id":67,"legend":{"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(pilot_xds_cds_reject{app=\"istiod\"}) or (absent(pilot_xds_cds_reject{app=\"istiod\"}) - 1)","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"Rejected CDS Configs","refId":"C"},{"expr":"sum(pilot_xds_eds_reject{app=\"istiod\"}) or (absent(pilot_xds_eds_reject{app=\"istiod\"}) - 1)","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"Rejected EDS Configs","refId":"D"},{"expr":"sum(pilot_xds_rds_reject{app=\"istiod\"}) or (absent(pilot_xds_rds_reject{app=\"istiod\"}) - 1)","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"Rejected RDS Configs","refId":"A"},{"expr":"sum(pilot_xds_lds_reject{app=\"istiod\"}) or (absent(pilot_xds_lds_reject{app=\"istiod\"}) - 1)","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"Rejected LDS Configs","refId":"B"},{"expr":"sum(rate(pilot_xds_write_timeout{app=\"istiod\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"Write Timeouts","refId":"F"},{"expr":"sum(rate(pilot_total_xds_internal_errors{app=\"istiod\"}[1m]))","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"Internal Errors","refId":"H"},{"expr":"sum(rate(pilot_total_xds_rejects{app=\"istiod\"}[1m]))","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"Config Rejection Rate","refId":"E"},{"expr":"sum(rate(pilot_xds_push_context_errors{app=\"istiod\"}[1m]))","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"Push Context 
Errors","refId":"K"},{"expr":"sum(rate(pilot_xds_write_timeout{app=\"istiod\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"Push Timeouts","refId":"G"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Pilot Errors","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","description":"Shows the total time it takes to push a config update to a proxy","fill":1,"gridPos":{"h":8,"w":8,"x":16,"y":15},"id":624,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))","format":"time_series","intervalFactor":1,"legendFormat":"p50 ","refId":"A"},{"expr":"histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))","format":"time_series","intervalFactor":1,"legendFormat":"p90","refId":"B"},{"expr":"histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))","format":"time_series","intervalFactor":1,"legendFormat":"p99","refId":"C"},{"expr":"histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))","format":"time_series","intervalFactor":1,"legendFormat":"p99.9","refId":"D"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Proxy Push 
Time","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":8,"w":12,"x":0,"y":23},"id":45,"legend":{"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"pilot_conflict_inbound_listener{app=\"istiod\"}","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"Inbound Listeners","refId":"B"},{"expr":"pilot_conflict_outbound_listener_tcp_over_current_tcp{app=\"istiod\"}","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"Outbound Listeners (tcp over current 
tcp)","refId":"C"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Conflicts","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":8,"w":12,"x":12,"y":23},"id":47,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"avg(pilot_virt_services{app=\"istiod\"})","format":"time_series","intervalFactor":1,"legendFormat":"Virtual Services","refId":"A"},{"expr":"avg(pilot_services{app=\"istiod\"})","format":"time_series","intervalFactor":1,"legendFormat":"Services","refId":"B"},{"expr":"sum(pilot_xds{app=\"istiod\"}) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"Connected Endpoints {{pod}}","refId":"E"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"ADS Monitoring","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":31},"id":64,"panels":[],"title":"Envoy 
Information","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","description":"Shows details about Envoy proxies in the mesh","fill":1,"gridPos":{"h":8,"w":8,"x":0,"y":32},"id":40,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"XDS Connections","refId":"C"},{"expr":"sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"XDS Connection Failures","refId":"A"},{"expr":"sum(increase(envoy_server_hot_restart_epoch[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"Envoy Restarts","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Envoy 
Details","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":8,"w":8,"x":8,"y":32},"id":41,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})","format":"time_series","intervalFactor":2,"legendFormat":"XDS Active Connections","refId":"C","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"XDS Active Connections","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","description":"Shows the size of XDS requests and 
responses","fill":1,"gridPos":{"h":8,"w":8,"x":16,"y":32},"id":42,"legend":{"avg":false,"current":false,"hideEmpty":false,"hideZero":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"XDS Response Bytes Max","refId":"D"},{"expr":"quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))","format":"time_series","hide":false,"intervalFactor":1,"legendFormat":"XDS Response Bytes Average","refId":"B"},{"expr":"max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"XDS Request Bytes Max","refId":"A"},{"expr":"quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))","format":"time_series","intervalFactor":1,"legendFormat":"XDS Request Bytes Average","refId":"C"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"XDS Requests 
Size","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"datasource":null,"gridPos":{"h":1,"w":24,"x":0,"y":40},"id":626,"panels":[],"title":"Webhooks","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":null,"fill":1,"fillGradient":0,"gridPos":{"h":8,"w":12,"x":0,"y":41},"hiddenSeries":false,"id":629,"legend":{"avg":false,"current":false,"hideEmpty":false,"hideZero":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"nullPointMode":"null","options":{"dataLinks":[]},"percentage":false,"pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(galley_validation_passed[1m]))","interval":"","legendFormat":"Validations (Success)","refId":"A"},{"expr":"sum(rate(galley_validation_failed[1m]))","interval":"","legendFormat":"Validation (Failure)","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Configuration 
Validation","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":null,"description":"","fill":1,"fillGradient":0,"gridPos":{"h":8,"w":12,"x":12,"y":41},"hiddenSeries":false,"id":630,"legend":{"avg":false,"current":false,"hideZero":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"nullPointMode":"null","options":{"dataLinks":[]},"percentage":false,"pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(sidecar_injection_success_total[1m]))","interval":"","legendFormat":"Injections (Success)","refId":"A"},{"expr":"sum(rate(sidecar_injection_failure_total[1m]))","interval":"","legendFormat":"Injections (Failure)","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Sidecar 
Injection","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}}],"refresh":"5s","schemaVersion":18,"style":"dark","tags":[],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"includeAll":false,"label":null,"multi":false,"name":"datasource","options":[],"query":"prometheus","queryValue":"","refresh":1,"regex":"","skipUrlSync":false,"type":"datasource"}]},"time":{"from":"now-5m","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"browser","title":"Istio Control Plane Dashboard","uid":"3--MLVZZk","version":11}
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: istio-grafana-dashboards
+ namespace: istio-system
+
+---
+
+apiVersion: v1
+data:
+ istio-extension-dashboard.json: |
+ {"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":false,"gnetId":null,"graphTooltip":0,"links":[],"panels":[{"collapsed":false,"datasource":"Prometheus","gridPos":{"h":1,"w":24,"x":0,"y":0},"id":3,"panels":[],"title":"Wasm VMs","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","description":"","fieldConfig":{"defaults":{"custom":{"align":null},"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]}},"overrides":[]},"fill":1,"fillGradient":0,"gridPos":{"h":8,"w":12,"x":0,"y":1},"hiddenSeries":false,"id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"nullPointMode":"null","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.1","pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"avg(envoy_wasm_envoy_wasm_runtime_null_active)","interval":"","legendFormat":"native","refId":"A"},{"expr":"avg(envoy_wasm_envoy_wasm_runtime_v8_active)","interval":"","legendFormat":"v8","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Active","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"$$hashKey":"object:123","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"$$hashKey":"object:124","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fil
l":1,"fillGradient":0,"gridPos":{"h":8,"w":12,"x":12,"y":1},"hiddenSeries":false,"id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"nullPointMode":"null","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.1","pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"avg(envoy_wasm_envoy_wasm_runtime_null_created)","interval":"","legendFormat":"native","refId":"A"},{"expr":"avg(envoy_wasm_envoy_wasm_runtime_v8_created)","interval":"","legendFormat":"v8","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Created","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"$$hashKey":"object:68","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"$$hashKey":"object:69","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"datasource":"Prometheus","gridPos":{"h":1,"w":24,"x":0,"y":9},"id":7,"panels":[],"title":"Wasm Module Remote 
Load","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"gridPos":{"h":8,"w":8,"x":0,"y":10},"hiddenSeries":false,"id":11,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"nullPointMode":"null","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.1","pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"avg(envoy_wasm_remote_load_cache_entries)","interval":"","legendFormat":"entries","refId":"A"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Cache Entry","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"$$hashKey":"object:178","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"$$hashKey":"object:179","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"gridPos":{"h":8,"w":8,"x":8,"y":10},"hiddenSeries":false,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"nullPointMode":"null","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.1","pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"avg(envoy_wasm_remote_load_cache_hits)","interval":"","legendFormat":"hits","refId":"A"},{"expr":"avg(envoy_wasm_remote_load_cache_misses)","interval
":"","legendFormat":"misses","refId":"B"},{"expr":"avg(envoy_wasm_remote_load_cache_negative_hits)","interval":"","legendFormat":"negative hits","refId":"C"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Cache Visit","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"$$hashKey":"object:233","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"$$hashKey":"object:234","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"gridPos":{"h":8,"w":8,"x":16,"y":10},"hiddenSeries":false,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"nullPointMode":"null","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.1","pointradius":2,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"avg(envoy_wasm_remote_load_fetch_failures)","interval":"","legendFormat":"failures","refId":"A"},{"expr":"avg(envoy_wasm_remote_load_fetch_successes)","interval":"","legendFormat":"successes","refId":"B"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Remote 
Fetch","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"$$hashKey":"object:288","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"$$hashKey":"object:289","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"collapsed":false,"datasource":"Prometheus","gridPos":{"h":1,"w":24,"x":0,"y":18},"id":71,"panels":[],"title":"Proxy Resource Usage","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fieldConfig":{"defaults":{"custom":{}},"overrides":[]},"fill":1,"fillGradient":0,"gridPos":{"h":8,"w":12,"x":0,"y":19},"hiddenSeries":false,"id":72,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.1","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{container=\"istio-proxy\"})","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Total 
(k8s)","refId":"A","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Memory","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"$$hashKey":"object:396","format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"$$hashKey":"object:397","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fieldConfig":{"defaults":{"custom":{}},"overrides":[]},"fill":1,"fillGradient":0,"gridPos":{"h":8,"w":12,"x":12,"y":19},"hiddenSeries":false,"id":73,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.1","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(container_cpu_usage_seconds_total{container=\"istio-proxy\"}[1m]))","format":"time_series","hide":false,"intervalFactor":2,"legendFormat":"Total 
(k8s)","refId":"A","step":2}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"vCPU","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"$$hashKey":"object:447","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"$$hashKey":"object:448","format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}}],"refresh":false,"schemaVersion":26,"style":"dark","tags":[],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"includeAll":false,"label":null,"multi":false,"name":"datasource","options":[],"query":"prometheus","queryValue":"","refresh":1,"regex":"","skipUrlSync":false,"type":"datasource"}]},"time":{"from":"now-5m","to":"now"},"timepicker":{"refresh_intervals":["10s","30s","1m","5m","15m","30m","1h","2h","1d"]},"timezone":"","title":"Istio Wasm Extension Dashboard","uid":"7PAV7ctGz","version":17}
+ istio-mesh-dashboard.json: |
+ {"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":false,"gnetId":null,"graphTooltip":0,"id":null,"links":[],"panels":[{"content":"<div>\n <div style=\"position: absolute; bottom: 0\">\n <a href=\"https://istio.io\" target=\"_blank\" style=\"font-size: 30px; text-decoration: none; color: inherit\"><img src=\"https://istio.io/latest/img/istio-bluelogo-nobackground-unframed.svg\" style=\"height: 50px\"> Istio</a>\n </div>\n <div style=\"position: absolute; bottom: 0; right: 0; font-size: 15px\">\n Istio is an <a href=\"https://github.com/istio/istio\" target=\"_blank\">open platform</a> that provides a uniform way to <a href=\"https://istio.io/docs/concepts/security/\" target=\"_blank\">secure</a>,\n <a href=\"https://istio.io/docs/concepts/traffic-management/\" target=\"_blank\">connect</a>, and \n <a href=\"https://istio.io/docs/concepts/observability/\" target=\"_blank\">monitor</a> microservices.\n <br>\n Need help? 
<a href=\"https://istio.io/get-involved/\" target=\"_blank\">Join the Istio community</a>.\n </div>\n</div>","gridPos":{"h":3,"w":24,"x":0,"y":0},"height":"50px","id":13,"links":[],"mode":"html","style":{"font-size":"18pt"},"title":"","transparent":true,"type":"text"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"datasource":"Prometheus","format":"ops","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":0,"y":3},"id":20,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":true,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"round(sum(irate(istio_requests_total{reporter=\"source\"}[1m])), 0.001)","intervalFactor":1,"refId":"A","step":4}],"thresholds":"","title":"Global Request Volume","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"avg"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 
0.97)"],"datasource":"Prometheus","format":"percentunit","gauge":{"maxValue":100,"minValue":80,"show":false,"thresholdLabels":false,"thresholdMarkers":false},"gridPos":{"h":3,"w":6,"x":6,"y":3},"id":21,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":true,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"sum(rate(istio_requests_total{reporter=\"source\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"source\"}[1m]))","format":"time_series","intervalFactor":1,"refId":"A","step":4}],"thresholds":"95, 99, 99.5","title":"Global Success Rate (non-5xx responses)","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"avg"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"datasource":"Prometheus","format":"ops","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":12,"y":3},"id":22,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to 
text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":true,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"sum(irate(istio_requests_total{reporter=\"source\", response_code=~\"4.*\"}[1m]))","format":"time_series","intervalFactor":1,"refId":"A","step":4}],"thresholds":"","title":"4xxs","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"avg"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"datasource":"Prometheus","format":"ops","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":18,"y":3},"id":23,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":true,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"sum(irate(istio_requests_total{reporter=\"source\", 
response_code=~\"5.*\"}[1m]))","format":"time_series","intervalFactor":1,"refId":"A","step":4}],"thresholds":"","title":"5xxs","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"avg"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"Prometheus","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":0,"y":6},"id":113,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"max(pilot_k8s_cfg_events{type=\"VirtualService\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"VirtualService\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Virtual Services","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 
0.89)","#d44a3a"],"datasource":"Prometheus","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":6,"y":6},"id":114,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"max(pilot_k8s_cfg_events{type=\"DestinationRule\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"DestinationRule\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Destination Rules","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"Prometheus","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":12,"y":6},"id":115,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to 
text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"max(pilot_k8s_cfg_events{type=\"Gateway\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"Gateway\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Gateways","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"Prometheus","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":18,"y":6},"id":116,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"max(pilot_k8s_cfg_events{type=\"WorkloadEntry\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"WorkloadEntry\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Workload 
Entries","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"Prometheus","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":0,"y":6},"id":117,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"max(pilot_k8s_cfg_events{type=\"ServiceEntry\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"ServiceEntry\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Service Entries","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 
0.89)","#d44a3a"],"datasource":"Prometheus","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":6,"y":6},"id":90,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"max(pilot_k8s_cfg_events{type=\"PeerAuthentication\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"PeerAuthentication\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"PeerAuthentication Policies","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"Prometheus","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":12,"y":6},"id":91,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to 
text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"max(pilot_k8s_cfg_events{type=\"RequestAuthentication\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"RequestAuthentication\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"RequestAuthentication Policies","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"Prometheus","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":3,"w":6,"x":18,"y":6},"id":92,"interval":null,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"horizontal","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":true},"tableColumn":"","targets":[{"expr":"max(pilot_k8s_cfg_events{type=\"AuthorizationPolicy\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"AuthorizationPolicy\", event=\"delete\"}) or max(up * 
0))","format":"time_series","intervalFactor":1,"refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Authorization Policies","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"columns":[],"datasource":"Prometheus","fontSize":"100%","gridPos":{"h":21,"w":24,"x":0,"y":9},"hideTimeOverride":false,"id":73,"links":[],"pageSize":null,"repeat":null,"repeatDirection":"v","scroll":true,"showHeader":true,"sort":{"col":5,"desc":true},"styles":[{"alias":"Workload","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Workload dashboard","linkUrl":"/dashboard/db/istio-workload-dashboard?var-namespace=${__cell_3:raw}&var-workload=${__cell_2:raw}","pattern":"destination_workload","preserveFormat":false,"sanitize":false,"thresholds":[],"type":"hidden","unit":"short"},{"alias":"","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"Time","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Requests","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"Value #A","thresholds":[],"type":"number","unit":"ops"},{"alias":"P50 Latency","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"Value #B","thresholds":[],"type":"number","unit":"s"},{"alias":"P90 Latency","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"Value #C","thresholds":[],"type":"number","unit":"s"},{"alias":"P99 
Latency","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"Value #D","thresholds":[],"type":"number","unit":"s"},{"alias":"Success Rate","colorMode":"cell","colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"Value #E","thresholds":[".95"," 1.00"],"type":"number","unit":"percentunit"},{"alias":"Workload","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"$__cell dashboard","linkUrl":"/dashboard/db/istio-workload-dashboard?var-workload=${__cell_2:raw}&var-namespace=${__cell_3:raw}","pattern":"destination_workload_var","thresholds":[],"type":"number","unit":"short"},{"alias":"Service","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"$__cell dashboard","linkUrl":"/dashboard/db/istio-service-dashboard?var-service=${__cell_1:raw}","pattern":"destination_service","thresholds":[],"type":"string","unit":"short"},{"alias":"","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"destination_workload_namespace","thresholds":[],"type":"hidden","unit":"short"}],"targets":[{"expr":"label_join(sum(rate(istio_requests_total{reporter=\"source\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")","format":"table","hide":false,"instant":true,"intervalFactor":1,"legendFormat":"{{ destination_workload}}.{{ destination_workload_namespace 
}}","refId":"A"},{"expr":"label_join((histogram_quantile(0.50, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"source\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"source\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")","format":"table","hide":false,"instant":true,"intervalFactor":1,"legendFormat":"{{ destination_workload}}.{{ destination_workload_namespace }}","refId":"B"},{"expr":"label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"source\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"source\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")","format":"table","hide":false,"instant":true,"intervalFactor":1,"legendFormat":"{{ destination_workload }}.{{ destination_workload_namespace }}","refId":"C"},{"expr":"label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"source\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"source\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")","format":"table","hide":false,"instant":true,"intervalFactor":1,"legendFormat":"{{ destination_workload }}.{{ destination_workload_namespace }}","refId":"D"},{"expr":"label_join((sum(rate(istio_requests_total{reporter=\"source\", response_code!~\"5.*\"}[1m])) by 
(destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")","format":"table","hide":false,"instant":true,"interval":"","intervalFactor":1,"legendFormat":"{{ destination_workload }}.{{ destination_workload_namespace }}","refId":"E"}],"timeFrom":null,"title":"HTTP/GRPC Workloads","transform":"table","type":"table"},{"columns":[],"datasource":"Prometheus","fontSize":"100%","gridPos":{"h":18,"w":24,"x":0,"y":30},"hideTimeOverride":false,"id":109,"links":[],"pageSize":null,"repeatDirection":"v","scroll":true,"showHeader":true,"sort":{"col":5,"desc":true},"styles":[{"alias":"Workload","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"$__cell dashboard","linkUrl":"/dashboard/db/istio-workload-dashboard?var-namespace=${__cell_3:raw}&var-workload=${__cell_2:raw}","pattern":"destination_workload","preserveFormat":false,"sanitize":false,"thresholds":[],"type":"hidden","unit":"short"},{"alias":"Bytes Sent","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"Value #A","thresholds":[""],"type":"number","unit":"Bps"},{"alias":"Bytes Received","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD 
HH:mm:ss","decimals":2,"pattern":"Time","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Workload","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"$__cell dashboard","linkUrl":"/dashboard/db/istio-workload-dashboard?var-namespace=${__cell_3:raw}&var-workload=${__cell_2:raw}","pattern":"destination_workload_var","thresholds":[],"type":"string","unit":"short"},{"alias":"","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"destination_workload_namespace","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Service","colorMode":null,"colors":["rgba(245, 54, 54, 0.9)","rgba(237, 129, 40, 0.89)","rgba(50, 172, 45, 0.97)"],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"$__cell dashboard","linkUrl":"/dashboard/db/istio-service-dashboard?var-service=${__cell_1:raw}","pattern":"destination_service","thresholds":[],"type":"number","unit":"short"}],"targets":[{"expr":"label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")","format":"table","hide":false,"instant":true,"intervalFactor":1,"legendFormat":"{{ destination_workload }}","refId":"A"},{"expr":"label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")","format":"table","hide":false,"instant":true,"intervalFactor":1,"legendFormat":"{{ destination_workload }}","refId":"B"}],"timeFrom":null,"title":"TCP 
Workloads","transform":"table","type":"table"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"Prometheus","fill":1,"gridPos":{"h":9,"w":24,"x":0,"y":48},"id":111,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(istio_build) by (component, tag)","format":"time_series","intervalFactor":1,"legendFormat":"{{ component }}: {{ tag }}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Istio Components by Version","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}],"yaxis":{"align":false,"alignLevel":null}}],"refresh":"5s","schemaVersion":18,"style":"dark","tags":[],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"includeAll":false,"label":null,"multi":false,"name":"datasource","options":[],"query":"prometheus","queryValue":"","refresh":1,"regex":"","skipUrlSync":false,"type":"datasource"}]},"time":{"from":"now-5m","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"browser","title":"Istio Mesh Dashboard","uid":"G8wLrJIZk","version":5}
+ istio-service-dashboard.json: "{\"annotations\":{\"list\":[{\"builtIn\":1,\"datasource\":\"--
+ Grafana --\",\"enable\":true,\"hide\":true,\"iconColor\":\"rgba(0, 211, 255, 1)\",\"name\":\"Annotations
+ & Alerts\",\"type\":\"dashboard\"}]},\"editable\":false,\"gnetId\":null,\"graphTooltip\":0,\"iteration\":1595591291797,\"links\":[],\"panels\":[{\"collapsed\":true,\"gridPos\":{\"h\":1,\"w\":24,\"x\":0,\"y\":0},\"id\":106,\"panels\":[{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>SERVICE: $service</span>\\n</div>\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"gridPos\":{\"h\":3,\"w\":24,\"x\":0,\"y\":1},\"id\":89,\"links\":[],\"mode\":\"html\",\"options\":{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>SERVICE: $service</span>\\n</div>\",\"mode\":\"html\"},\"pluginVersion\":\"7.1.0\",\"title\":\"\",\"transparent\":true,\"type\":\"text\"},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"rgba(245,
+ 54, 54, 0.9)\",\"rgba(237, 129, 40, 0.89)\",\"rgba(50, 172, 45, 0.97)\"],\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"ops\",\"gauge\":{\"maxValue\":100,\"minValue\":0,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":true},\"gridPos\":{\"h\":4,\"w\":6,\"x\":0,\"y\":4},\"id\":12,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"round(sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",destination_service=~\\\"$service\\\"}[5m])),
+ 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"refId\":\"A\",\"step\":4}],\"thresholds\":\"\",\"title\":\"Client
+ Request Volume\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"current\"},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"rgba(50,
+ 172, 45, 0.97)\",\"rgba(237, 129, 40, 0.89)\",\"rgba(245, 54, 54, 0.9)\"],\"datasource\":\"Prometheus\",\"decimals\":null,\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"percentunit\",\"gauge\":{\"maxValue\":100,\"minValue\":80,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":false},\"gridPos\":{\"h\":4,\"w\":6,\"x\":6,\"y\":4},\"id\":14,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\"}[5m]))
+ / sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",destination_service=~\\\"$service\\\"}[5m]))\",\"format\":\"time_series\",\"intervalFactor\":1,\"refId\":\"A\"}],\"thresholds\":\"95,
+ 99, 99.5\",\"title\":\"Client Success Rate (non-5xx responses)\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"avg\"},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":4,\"w\":6,\"x\":12,\"y\":4},\"hiddenSeries\":false,\"id\":87,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":false,\"hideZero\":false,\"max\":false,\"min\":false,\"rightSide\":true,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le))\",\"format\":\"time_series\",\"interval\":\"\",\"intervalFactor\":1,\"legendFormat\":\"P50\",\"refId\":\"A\"},{\"expr\":\"(histogram_quantile(0.90,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"P90\",\"refId\":\"B\"},{\"expr\":\"(histogram_quantile(0.99,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"P99\",\"refId\":\"C\"}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Client
+ Request Duration\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"s\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"#299c46\",\"rgba(237,
+ 129, 40, 0.89)\",\"#d44a3a\"],\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"Bps\",\"gauge\":{\"maxValue\":100,\"minValue\":0,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":true},\"gridPos\":{\"h\":4,\"w\":6,\"x\":18,\"y\":4},\"id\":84,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"sum(irate(istio_tcp_received_bytes_total{reporter=~\\\"$qrep\\\",
+ destination_service=~\\\"$service\\\"}[1m]))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"\",\"refId\":\"A\"}],\"thresholds\":\"\",\"title\":\"TCP
+ Received Bytes\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"avg\"},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"rgba(245,
+ 54, 54, 0.9)\",\"rgba(237, 129, 40, 0.89)\",\"rgba(50, 172, 45, 0.97)\"],\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"ops\",\"gauge\":{\"maxValue\":100,\"minValue\":0,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":true},\"gridPos\":{\"h\":4,\"w\":6,\"x\":0,\"y\":8},\"id\":97,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"round(sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[5m])),
+ 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"refId\":\"A\",\"step\":4}],\"thresholds\":\"\",\"title\":\"Server
+ Request Volume\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"current\"},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"rgba(50,
+ 172, 45, 0.97)\",\"rgba(237, 129, 40, 0.89)\",\"rgba(245, 54, 54, 0.9)\"],\"datasource\":\"Prometheus\",\"decimals\":null,\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"percentunit\",\"gauge\":{\"maxValue\":100,\"minValue\":80,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":false},\"gridPos\":{\"h\":4,\"w\":6,\"x\":6,\"y\":8},\"id\":98,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\"}[5m]))
+ / sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[5m]))\",\"format\":\"time_series\",\"intervalFactor\":1,\"refId\":\"A\"}],\"thresholds\":\"95,
+ 99, 99.5\",\"title\":\"Server Success Rate (non-5xx responses)\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"avg\"},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":4,\"w\":6,\"x\":12,\"y\":8},\"hiddenSeries\":false,\"id\":99,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":false,\"hideZero\":false,\"max\":false,\"min\":false,\"rightSide\":true,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le))\",\"format\":\"time_series\",\"interval\":\"\",\"intervalFactor\":1,\"legendFormat\":\"P50\",\"refId\":\"A\"},{\"expr\":\"(histogram_quantile(0.90,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"P90\",\"refId\":\"B\"},{\"expr\":\"(histogram_quantile(0.99,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m]))
+ by (le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"P99\",\"refId\":\"C\"}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Server
+ Request Duration\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"s\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"#299c46\",\"rgba(237,
+ 129, 40, 0.89)\",\"#d44a3a\"],\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"Bps\",\"gauge\":{\"maxValue\":100,\"minValue\":0,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":true},\"gridPos\":{\"h\":4,\"w\":6,\"x\":18,\"y\":8},\"id\":100,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"sum(irate(istio_tcp_sent_bytes_total{reporter=~\\\"$qrep\\\",
+ destination_service=~\\\"$service\\\"}[1m]))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"\",\"refId\":\"A\"}],\"thresholds\":\"\",\"title\":\"TCP
+ Sent Bytes\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"avg\"}],\"title\":\"General\",\"type\":\"row\"},{\"collapsed\":true,\"gridPos\":{\"h\":1,\"w\":24,\"x\":0,\"y\":1},\"id\":104,\"panels\":[{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>CLIENT WORKLOADS</span>\\n</div>\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"gridPos\":{\"h\":3,\"w\":24,\"x\":0,\"y\":2},\"id\":45,\"links\":[],\"mode\":\"html\",\"options\":{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>CLIENT WORKLOADS</span>\\n</div>\",\"mode\":\"html\"},\"pluginVersion\":\"7.1.0\",\"title\":\"\",\"transparent\":true,\"type\":\"text\"},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":0,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":0,\"y\":5},\"hiddenSeries\":false,\"id\":25,\"legend\":{\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null
+ as zero\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\",destination_service=~\\\"$service\\\",reporter=~\\\"$qrep\\\",source_workload=~\\\"$srcwl\\\",source_workload_namespace=~\\\"$srcns\\\"}[5m]))
+ by (source_workload, source_workload_namespace, response_code), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", reporter=~\\\"$qrep\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace,
+ response_code), 0.001)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Requests By Source And Response Code\",\"tooltip\":{\"shared\":false,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[\"total\"]},\"yaxes\":[{\"format\":\"ops\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":12,\"y\":5},\"hiddenSeries\":false,\"id\":26,\"legend\":{\"avg\":false,\"current\":false,\"hideEmpty\":true,\"hideZero\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m]))
+ by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m]))
+ by (source_workload, source_workload_namespace)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m]))
+ by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m]))
+ by (source_workload, source_workload_namespace)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Success Rate (non-5xx responses) By Source\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"percentunit\",\"label\":null,\"logBase\":1,\"max\":\"1.01\",\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"description\":\"\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":0,\"y\":11},\"hiddenSeries\":false,\"id\":27,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"hideZero\":false,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"(histogram_quantile(0.90,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"(histogram_quantile(0.95,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"(histogram_quantile(0.99,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Request Duration By Source\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"s\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":8,\"y\":11},\"hiddenSeries\":false,\"id\":28,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ \ P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ \ P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Request Size By Source\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"decbytes\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":16,\"y\":11},\"hiddenSeries\":false,\"id\":68,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ \ P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ \ P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Response
+ Size By Source\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"decbytes\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":0,\"y\":17},\"hiddenSeries\":false,\"id\":80,\"legend\":{\"avg\":false,\"current\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_tcp_received_bytes_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace), 0.001)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace}} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_tcp_received_bytes_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace}}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Bytes
+ Received from Incoming TCP Connection\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"Bps\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":12,\"y\":17},\"hiddenSeries\":false,\"id\":82,\"legend\":{\"avg\":false,\"current\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\",
+ reporter=~\\\"$qrep\\\", destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace),
+ 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace}} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\",
+ reporter=~\\\"$qrep\\\", destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace),
+ 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace}}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Bytes
+ Sent to Incoming TCP Connection\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"Bps\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true}],\"yaxis\":{\"align\":false,\"alignLevel\":null}}],\"title\":\"Client
+ Workloads\",\"type\":\"row\"},{\"collapsed\":true,\"gridPos\":{\"h\":1,\"w\":24,\"x\":0,\"y\":2},\"id\":102,\"panels\":[{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>SERVICE WORKLOADS</span>\\n</div>\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"gridPos\":{\"h\":3,\"w\":24,\"x\":0,\"y\":3},\"id\":69,\"links\":[],\"mode\":\"html\",\"options\":{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>SERVICE WORKLOADS</span>\\n</div>\",\"mode\":\"html\"},\"pluginVersion\":\"7.1.0\",\"title\":\"\",\"transparent\":true,\"type\":\"text\"},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":0,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":0,\"y\":6},\"hiddenSeries\":false,\"id\":90,\"legend\":{\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null
+ as zero\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\",destination_service=~\\\"$service\\\",reporter=\\\"destination\\\",destination_workload=~\\\"$dstwl\\\",destination_workload_namespace=~\\\"$dstns\\\"}[5m]))
+ by (destination_workload, destination_workload_namespace, response_code), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code
+ }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", reporter=\\\"destination\\\", destination_workload=~\\\"$dstwl\\\",
+ destination_workload_namespace=~\\\"$dstns\\\"}[5m])) by (destination_workload,
+ destination_workload_namespace, response_code), 0.001)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code
+ }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Requests By Destination Workload And Response Code\",\"tooltip\":{\"shared\":false,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[\"total\"]},\"yaxes\":[{\"format\":\"ops\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":12,\"y\":6},\"hiddenSeries\":false,\"id\":91,\"legend\":{\"avg\":false,\"current\":false,\"hideEmpty\":true,\"hideZero\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"sum(irate(istio_requests_total{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m]))
+ by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m]))
+ by (destination_workload, destination_workload_namespace)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"sum(irate(istio_requests_total{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m]))
+ by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m]))
+ by (destination_workload, destination_workload_namespace)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Success Rate (non-5xx responses) By Destination Workload\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"percentunit\",\"label\":null,\"logBase\":1,\"max\":\"1.01\",\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"description\":\"\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":0,\"y\":12},\"hiddenSeries\":false,\"id\":94,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"hideZero\":false,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"(histogram_quantile(0.90,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"(histogram_quantile(0.95,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"(histogram_quantile(0.99,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"(histogram_quantile(0.90,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"(histogram_quantile(0.95,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"(histogram_quantile(0.99,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99,
+ sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Request Duration By Service Workload\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"s\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":8,\"y\":12},\"hiddenSeries\":false,\"id\":95,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Request Size By Service Workload\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"decbytes\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":16,\"y\":12},\"hiddenSeries\":false,\"id\":96,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace }} P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Response
+ Size By Service Workload\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"decbytes\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":0,\"y\":18},\"hiddenSeries\":false,\"id\":92,\"legend\":{\"avg\":false,\"current\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"destination\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace), 0.001)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace}} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"destination\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",
+ destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m]))
+ by (destination_workload, destination_workload_namespace), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{ destination_workload_namespace}}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Bytes
+ Received from Incoming TCP Connection\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"Bps\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":12,\"y\":18},\"hiddenSeries\":false,\"id\":93,\"legend\":{\"avg\":false,\"current\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\",
+ reporter=\\\"destination\\\", destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\",
+ destination_workload_namespace=~\\\"$dstns\\\"}[1m])) by (destination_workload,
+ destination_workload_namespace), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{destination_workload_namespace }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\",
+ reporter=\\\"destination\\\", destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\",
+ destination_workload_namespace=~\\\"$dstns\\\"}[1m])) by (destination_workload,
+ destination_workload_namespace), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_workload }}.{{destination_workload_namespace }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Bytes
+ Sent to Incoming TCP Connection\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"Bps\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true}],\"yaxis\":{\"align\":false,\"alignLevel\":null}}],\"title\":\"Service
+ Workloads\",\"type\":\"row\"}],\"refresh\":\"1m\",\"schemaVersion\":26,\"style\":\"dark\",\"tags\":[],\"templating\":{\"list\":[{\"current\":{\"selected\":true,\"text\":\"default\",\"value\":\"default\"},\"hide\":0,\"includeAll\":false,\"label\":null,\"multi\":false,\"name\":\"datasource\",\"options\":[],\"query\":\"prometheus\",\"queryValue\":\"\",\"refresh\":1,\"regex\":\"\",\"skipUrlSync\":false,\"type\":\"datasource\"},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":false,\"label\":\"Service\",\"multi\":false,\"name\":\"service\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total{})
+ by (destination_service) or sum(istio_tcp_sent_bytes_total{}) by (destination_service))\",\"refresh\":1,\"regex\":\"/.*destination_service=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":0,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{\"selected\":true,\"text\":\"destination\",\"value\":\"destination\"},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":false,\"label\":\"Reporter\",\"multi\":true,\"name\":\"qrep\",\"query\":\"source,destination\",\"refresh\":1,\"regex\":\"\",\"skipUrlSync\":false,\"sort\":1,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"custom\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":true,\"label\":\"Client
+ Cluster\",\"multi\":true,\"name\":\"srccluster\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total{reporter=~\\\"$qrep\\\",
+ destination_service=\\\"$service\\\"}) by (source_cluster) or sum(istio_tcp_sent_bytes_total{reporter=~\\\"$qrep\\\",
+ destination_service=~\\\"$service\\\"}) by (source_cluster))\",\"refresh\":1,\"regex\":\"/.*cluster=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":2,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":true,\"label\":\"Client
+ Workload Namespace\",\"multi\":true,\"name\":\"srcns\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total{reporter=~\\\"$qrep\\\",
+ destination_service=\\\"$service\\\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=~\\\"$qrep\\\",
+ destination_service=~\\\"$service\\\"}) by (source_workload_namespace))\",\"refresh\":1,\"regex\":\"/.*namespace=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":3,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":true,\"label\":\"Client
+ Workload\",\"multi\":true,\"name\":\"srcwl\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total{reporter=~\\\"$qrep\\\",
+ destination_service=~\\\"$service\\\", source_workload_namespace=~\\\"$srcns\\\"})
+ by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=~\\\"$qrep\\\",
+ destination_service=~\\\"$service\\\", source_workload_namespace=~\\\"$srcns\\\"})
+ by (source_workload))\",\"refresh\":1,\"regex\":\"/.*workload=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":4,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":true,\"label\":\"Service
+ Workload Cluster\",\"multi\":true,\"name\":\"dstcluster\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total{reporter=\\\"destination\\\",
+ destination_service=\\\"$service\\\"}) by (destination_cluster) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\",
+ destination_service=~\\\"$service\\\"}) by (destination_cluster))\",\"refresh\":1,\"regex\":\"/.*cluster=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":2,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":true,\"label\":\"Service
+ Workload Namespace\",\"multi\":true,\"name\":\"dstns\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total{reporter=\\\"destination\\\",
+ destination_service=\\\"$service\\\"}) by (destination_workload_namespace) or
+ sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", destination_service=~\\\"$service\\\"})
+ by (destination_workload_namespace))\",\"refresh\":1,\"regex\":\"/.*namespace=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":3,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":true,\"label\":\"Service
+ Workload\",\"multi\":true,\"name\":\"dstwl\",\"options\":[],\"query\":\"query_result(
+ sum(istio_requests_total{reporter=\\\"destination\\\", destination_service=~\\\"$service\\\",
+ destination_cluster=~\\\"$dstcluster\\\", destination_workload_namespace=~\\\"$dstns\\\"})
+ by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\",
+ destination_service=~\\\"$service\\\", destination_cluster=~\\\"$dstcluster\\\",
+ destination_workload_namespace=~\\\"$dstns\\\"}) by (destination_workload))\",\"refresh\":1,\"regex\":\"/.*workload=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":4,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false}]},\"time\":{\"from\":\"now-5m\",\"to\":\"now\"},\"timepicker\":{\"refresh_intervals\":[\"5m\",\"15m\",\"30m\",\"1h\",\"2h\",\"1d\"],\"time_options\":[\"5m\",\"15m\",\"1h\",\"6h\",\"12h\",\"24h\",\"2d\",\"7d\",\"30d\"]},\"timezone\":\"\",\"title\":\"Istio
+ Service Dashboard\",\"uid\":\"LJ_uJAvmk\",\"version\":1}\n"
+ istio-workload-dashboard.json: "{\"annotations\":{\"list\":[{\"builtIn\":1,\"datasource\":\"--
+ Grafana --\",\"enable\":true,\"hide\":true,\"iconColor\":\"rgba(0, 211, 255, 1)\",\"name\":\"Annotations
+ & Alerts\",\"type\":\"dashboard\"}]},\"editable\":false,\"gnetId\":null,\"graphTooltip\":0,\"iteration\":1531345461465,\"links\":[],\"panels\":[{\"collapsed\":true,\"gridPos\":{\"h\":1,\"w\":24,\"x\":0,\"y\":0},\"id\":95,\"panels\":[{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>WORKLOAD: $workload.$namespace</span>\\n</div>\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"gridPos\":{\"h\":3,\"w\":24,\"x\":0,\"y\":1},\"id\":89,\"links\":[],\"mode\":\"html\",\"options\":{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>WORKLOAD: $workload.$namespace</span>\\n</div>\",\"mode\":\"html\"},\"pluginVersion\":\"7.1.0\",\"title\":\"\",\"transparent\":true,\"type\":\"text\"},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"rgba(245,
+ 54, 54, 0.9)\",\"rgba(237, 129, 40, 0.89)\",\"rgba(50, 172, 45, 0.97)\"],\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"ops\",\"gauge\":{\"maxValue\":100,\"minValue\":0,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":true},\"gridPos\":{\"h\":4,\"w\":8,\"x\":0,\"y\":4},\"id\":12,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"round(sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",destination_workload_namespace=~\\\"$namespace\\\",destination_workload=~\\\"$workload\\\"}[5m])),
+ 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"refId\":\"A\",\"step\":4}],\"thresholds\":\"\",\"title\":\"Incoming
+ Request Volume\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"current\"},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"rgba(50,
+ 172, 45, 0.97)\",\"rgba(237, 129, 40, 0.89)\",\"rgba(245, 54, 54, 0.9)\"],\"datasource\":\"Prometheus\",\"decimals\":null,\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"percentunit\",\"gauge\":{\"maxValue\":100,\"minValue\":80,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":false},\"gridPos\":{\"h\":4,\"w\":8,\"x\":8,\"y\":4},\"id\":14,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",destination_workload_namespace=~\\\"$namespace\\\",destination_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\"}[5m]))
+ / sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",destination_workload_namespace=~\\\"$namespace\\\",destination_workload=~\\\"$workload\\\"}[5m]))\",\"format\":\"time_series\",\"intervalFactor\":1,\"refId\":\"A\"}],\"thresholds\":\"95,
+ 99, 99.5\",\"title\":\"Incoming Success Rate (non-5xx responses)\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"avg\"},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":4,\"w\":8,\"x\":16,\"y\":4},\"hiddenSeries\":false,\"id\":87,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":false,\"hideZero\":false,\"max\":false,\"min\":false,\"rightSide\":true,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le)) / 1000) or
+ histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le))\",\"format\":\"time_series\",\"interval\":\"\",\"intervalFactor\":1,\"legendFormat\":\"P50\",\"refId\":\"A\"},{\"expr\":\"(histogram_quantile(0.90,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le)) / 1000) or
+ histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"P90\",\"refId\":\"B\"},{\"expr\":\"(histogram_quantile(0.99,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le)) / 1000) or
+ histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"P99\",\"refId\":\"C\"}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Request
+ Duration\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"s\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"#299c46\",\"rgba(237,
+ 129, 40, 0.89)\",\"#d44a3a\"],\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"Bps\",\"gauge\":{\"maxValue\":100,\"minValue\":0,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":true},\"gridPos\":{\"h\":4,\"w\":12,\"x\":0,\"y\":8},\"id\":84,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"sum(irate(istio_tcp_sent_bytes_total{reporter=~\\\"$qrep\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\"}[1m]))
+ + sum(irate(istio_tcp_received_bytes_total{reporter=~\\\"$qrep\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ destination_workload=~\\\"$workload\\\"}[1m]))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"\",\"refId\":\"A\"}],\"thresholds\":\"\",\"title\":\"TCP
+ Server Traffic\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"avg\"},{\"cacheTimeout\":null,\"colorBackground\":false,\"colorValue\":false,\"colors\":[\"#299c46\",\"rgba(237,
+ 129, 40, 0.89)\",\"#d44a3a\"],\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"format\":\"Bps\",\"gauge\":{\"maxValue\":100,\"minValue\":0,\"show\":false,\"thresholdLabels\":false,\"thresholdMarkers\":true},\"gridPos\":{\"h\":4,\"w\":12,\"x\":12,\"y\":8},\"id\":85,\"interval\":null,\"links\":[],\"options\":{\"colorMode\":\"value\",\"graphMode\":\"area\",\"justifyMode\":\"auto\",\"orientation\":\"horizontal\",\"reduceOptions\":{\"calcs\":[\"lastNotNull\"],\"fields\":\"\",\"values\":false},\"textMode\":\"auto\"},\"mappingType\":1,\"mappingTypes\":[{\"name\":\"value
+ to text\",\"value\":1},{\"name\":\"range to text\",\"value\":2}],\"maxDataPoints\":100,\"nullPointMode\":\"connected\",\"nullText\":null,\"postfix\":\"\",\"postfixFontSize\":\"50%\",\"prefix\":\"\",\"prefixFontSize\":\"50%\",\"rangeMaps\":[{\"from\":\"null\",\"text\":\"N/A\",\"to\":\"null\"}],\"sparkline\":{\"fillColor\":\"rgba(31,
+ 118, 189, 0.18)\",\"full\":true,\"lineColor\":\"rgb(31, 120, 193)\",\"show\":true},\"tableColumn\":\"\",\"targets\":[{\"expr\":\"sum(irate(istio_tcp_sent_bytes_total{reporter=~\\\"$qrep\\\",
+ source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\"}[1m]))
+ + sum(irate(istio_tcp_received_bytes_total{reporter=~\\\"$qrep\\\", source_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$workload\\\"}[1m]))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"\",\"refId\":\"A\"}],\"thresholds\":\"\",\"title\":\"TCP
+ Client Traffic\",\"type\":\"singlestat\",\"valueFontSize\":\"80%\",\"valueMaps\":[{\"op\":\"=\",\"text\":\"N/A\",\"value\":\"null\"}],\"valueName\":\"avg\"}],\"title\":\"General\",\"type\":\"row\"},{\"collapsed\":true,\"gridPos\":{\"h\":1,\"w\":24,\"x\":0,\"y\":1},\"id\":93,\"panels\":[{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>INBOUND WORKLOADS</span>\\n</div>\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"gridPos\":{\"h\":3,\"w\":24,\"x\":0,\"y\":13},\"id\":45,\"links\":[],\"mode\":\"html\",\"options\":{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>INBOUND WORKLOADS</span>\\n</div>\",\"mode\":\"html\"},\"pluginVersion\":\"7.1.0\",\"title\":\"\",\"transparent\":true,\"type\":\"text\"},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":0,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":0,\"y\":16},\"hiddenSeries\":false,\"id\":25,\"legend\":{\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null
+ as zero\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\",
+ reporter=~\\\"$qrep\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m]))
+ by (source_workload, source_workload_namespace, response_code), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\",
+ reporter=~\\\"$qrep\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m]))
+ by (source_workload, source_workload_namespace, response_code), 0.001)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Requests By Source And Response Code\",\"tooltip\":{\"shared\":false,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[\"total\"]},\"yaxes\":[{\"format\":\"ops\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":12,\"y\":16},\"hiddenSeries\":false,\"id\":26,\"legend\":{\"avg\":false,\"current\":false,\"hideEmpty\":true,\"hideZero\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ destination_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace)
+ / sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m]))
+ by (source_workload, source_workload_namespace)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ destination_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace)
+ / sum(irate(istio_requests_total{reporter=~\\\"$qrep\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m]))
+ by (source_workload, source_workload_namespace)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Success Rate (non-5xx responses) By Source\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"percentunit\",\"label\":null,\"logBase\":1,\"max\":\"1.01\",\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"description\":\"\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":0,\"y\":22},\"hiddenSeries\":false,\"id\":27,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"hideZero\":false,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"(histogram_quantile(0.90,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"(histogram_quantile(0.95,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"(histogram_quantile(0.99,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Request Duration By Source\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"s\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":8,\"y\":22},\"hiddenSeries\":false,\"id\":28,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ \ P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ \ P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Incoming
+ Request Size By Source\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"decbytes\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":16,\"y\":22},\"hiddenSeries\":false,\"id\":68,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ \ P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ \ P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\",
+ destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace,
+ le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{source_workload}}.{{source_workload_namespace}}
+ P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Response
+ Size By Source\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"decbytes\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":0,\"y\":28},\"hiddenSeries\":false,\"id\":80,\"legend\":{\"avg\":false,\"current\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_tcp_received_bytes_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace), 0.001)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace}} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_tcp_received_bytes_total{reporter=~\\\"$qrep\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace}}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Bytes
+ Received from Incoming TCP Connection\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"Bps\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":12,\"y\":28},\"hiddenSeries\":false,\"id\":82,\"legend\":{\"avg\":false,\"current\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\",
+ reporter=~\\\"$qrep\\\", destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace}} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\",
+ reporter=~\\\"$qrep\\\", destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\",
+ source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m]))
+ by (source_workload, source_workload_namespace), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ source_workload }}.{{ source_workload_namespace}}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Bytes
+ Sent to Incoming TCP Connection\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"Bps\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true}],\"yaxis\":{\"align\":false,\"alignLevel\":null}}],\"title\":\"Inbound
+ Workloads\",\"type\":\"row\"},{\"collapsed\":true,\"gridPos\":{\"h\":1,\"w\":24,\"x\":0,\"y\":2},\"id\":91,\"panels\":[{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>OUTBOUND SERVICES</span>\\n</div>\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"gridPos\":{\"h\":3,\"w\":24,\"x\":0,\"y\":14},\"id\":69,\"links\":[],\"mode\":\"html\",\"options\":{\"content\":\"<div
+ class=\\\"dashboard-header text-center\\\">\\n<span>OUTBOUND SERVICES</span>\\n</div>\",\"mode\":\"html\"},\"pluginVersion\":\"7.1.0\",\"title\":\"\",\"transparent\":true,\"type\":\"text\"},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":0,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":0,\"y\":17},\"hiddenSeries\":false,\"id\":70,\"legend\":{\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null
+ as zero\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_requests_total{destination_principal=~\\\"spiffe.*\\\",
+ source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\",
+ reporter=\\\"source\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) by (destination_service,
+ response_code), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} : {{ response_code }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_requests_total{destination_principal!~\\\"spiffe.*\\\",
+ source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\",
+ reporter=\\\"source\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) by (destination_service,
+ response_code), 0.001)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} : {{ response_code }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Outgoing
+ Requests By Destination And Response Code\",\"tooltip\":{\"shared\":false,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[\"total\"]},\"yaxes\":[{\"format\":\"ops\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":12,\"y\":17},\"hiddenSeries\":false,\"id\":71,\"legend\":{\"avg\":false,\"current\":false,\"hideEmpty\":true,\"hideZero\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"sum(irate(istio_requests_total{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", destination_service=~\\\"$dstsvc\\\"}[5m]))
+ by (destination_service) / sum(irate(istio_requests_total{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[5m]))
+ by (destination_service)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"sum(irate(istio_requests_total{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", destination_service=~\\\"$dstsvc\\\"}[5m]))
+ by (destination_service) / sum(irate(istio_requests_total{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[5m]))
+ by (destination_service)\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Outgoing
+ Success Rate (non-5xx responses) By Destination\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"percentunit\",\"label\":null,\"logBase\":1,\"max\":\"1.01\",\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"description\":\"\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":0,\"y\":23},\"hiddenSeries\":false,\"id\":72,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"hideZero\":false,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"(histogram_quantile(0.90,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"(histogram_quantile(0.95,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"(histogram_quantile(0.99,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"(histogram_quantile(0.50,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"(histogram_quantile(0.90,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"(histogram_quantile(0.95,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"(histogram_quantile(0.99,
+ sum(irate(istio_request_duration_milliseconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\",
+ source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Outgoing
+ Request Duration By Destination\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"s\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":8,\"y\":23},\"hiddenSeries\":false,\"id\":73,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Outgoing
+ Request Size By Destination\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"decbytes\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":8,\"x\":16,\"y\":23},\"hiddenSeries\":false,\"id\":74,\"legend\":{\"alignAsTable\":false,\"avg\":false,\"current\":false,\"hideEmpty\":true,\"max\":false,\"min\":false,\"rightSide\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P50 (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P90 (\U0001F510mTLS)\",\"refId\":\"B\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P95 (\U0001F510mTLS)\",\"refId\":\"C\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P99 (\U0001F510mTLS)\",\"refId\":\"D\",\"step\":2},{\"expr\":\"histogram_quantile(0.50,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P50\",\"refId\":\"E\",\"step\":2},{\"expr\":\"histogram_quantile(0.90,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P90\",\"refId\":\"F\",\"step\":2},{\"expr\":\"histogram_quantile(0.95,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P95\",\"refId\":\"G\",\"step\":2},{\"expr\":\"histogram_quantile(0.99,
+ sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\",\"format\":\"time_series\",\"hide\":false,\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} P99\",\"refId\":\"H\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Response
+ Size By Destination\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"decbytes\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":false}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":0,\"y\":29},\"hiddenSeries\":false,\"id\":76,\"legend\":{\"avg\":false,\"current\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_tcp_received_bytes_total{connection_security_policy=\\\"mutual_tls\\\",
+ reporter=\\\"source\\\", source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_tcp_received_bytes_total{connection_security_policy!=\\\"mutual_tls\\\",
+ reporter=\\\"source\\\", source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\",
+ destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Bytes
+ Sent on Outgoing TCP Connection\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"Bps\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true}],\"yaxis\":{\"align\":false,\"alignLevel\":null}},{\"aliasColors\":{},\"bars\":false,\"dashLength\":10,\"dashes\":false,\"datasource\":\"Prometheus\",\"fieldConfig\":{\"defaults\":{\"custom\":{}},\"overrides\":[]},\"fill\":1,\"fillGradient\":0,\"gridPos\":{\"h\":6,\"w\":12,\"x\":12,\"y\":29},\"hiddenSeries\":false,\"id\":78,\"legend\":{\"avg\":false,\"current\":false,\"max\":false,\"min\":false,\"show\":true,\"total\":false,\"values\":false},\"lines\":true,\"linewidth\":1,\"links\":[],\"nullPointMode\":\"null\",\"percentage\":false,\"pluginVersion\":\"7.1.0\",\"pointradius\":5,\"points\":false,\"renderer\":\"flot\",\"seriesOverrides\":[],\"spaceLength\":10,\"stack\":false,\"steppedLine\":false,\"targets\":[{\"expr\":\"round(sum(irate(istio_tcp_sent_bytes_total{reporter=\\\"source\\\",
+ connection_security_policy=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }} (\U0001F510mTLS)\",\"refId\":\"A\",\"step\":2},{\"expr\":\"round(sum(irate(istio_tcp_sent_bytes_total{reporter=\\\"source\\\",
+ connection_security_policy!=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\",
+ source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[1m]))
+ by (destination_service), 0.001)\",\"format\":\"time_series\",\"intervalFactor\":1,\"legendFormat\":\"{{
+ destination_service }}\",\"refId\":\"B\",\"step\":2}],\"thresholds\":[],\"timeFrom\":null,\"timeRegions\":[],\"timeShift\":null,\"title\":\"Bytes
+ Received from Outgoing TCP Connection\",\"tooltip\":{\"shared\":true,\"sort\":0,\"value_type\":\"individual\"},\"type\":\"graph\",\"xaxis\":{\"buckets\":null,\"mode\":\"time\",\"name\":null,\"show\":true,\"values\":[]},\"yaxes\":[{\"format\":\"Bps\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":\"0\",\"show\":true},{\"format\":\"short\",\"label\":null,\"logBase\":1,\"max\":null,\"min\":null,\"show\":true}],\"yaxis\":{\"align\":false,\"alignLevel\":null}}],\"title\":\"Outbound
+ Services\",\"type\":\"row\"}],\"refresh\":\"1m\",\"schemaVersion\":26,\"style\":\"dark\",\"tags\":[],\"templating\":{\"list\":[{\"current\":{\"selected\":true,\"text\":\"default\",\"value\":\"default\"},\"hide\":0,\"includeAll\":false,\"label\":null,\"multi\":false,\"name\":\"datasource\",\"options\":[],\"query\":\"prometheus\",\"queryValue\":\"\",\"refresh\":1,\"regex\":\"\",\"skipUrlSync\":false,\"type\":\"datasource\"},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":false,\"label\":\"Namespace\",\"multi\":false,\"name\":\"namespace\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total)
+ by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))\",\"refresh\":1,\"regex\":\"/.*_namespace=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":0,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":false,\"label\":\"Workload\",\"multi\":false,\"name\":\"workload\",\"options\":[],\"query\":\"query_result((sum(istio_requests_total{destination_workload_namespace=~\\\"$namespace\\\"})
+ by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\\\"$namespace\\\"})
+ by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\\\"$namespace\\\"})
+ by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\\\"$namespace\\\"})
+ by (source_workload)))\",\"refresh\":1,\"regex\":\"/.*workload=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":1,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{\"selected\":true,\"text\":\"destination\",\"value\":\"destination\"},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":false,\"label\":\"Reporter\",\"multi\":true,\"name\":\"qrep\",\"query\":\"source,destination\",\"refresh\":1,\"regex\":\"\",\"skipUrlSync\":false,\"sort\":2,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"custom\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":true,\"label\":\"Inbound
+ Workload Namespace\",\"multi\":true,\"name\":\"srcns\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total{reporter=~\\\"$qrep\\\",
+ destination_workload=\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\"})
+ by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=~\\\"$qrep\\\",
+ destination_workload=\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\"})
+ by (source_workload_namespace))\",\"refresh\":1,\"regex\":\"/.*namespace=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":2,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":true,\"label\":\"Inbound
+ Workload\",\"multi\":true,\"name\":\"srcwl\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total{reporter=~\\\"$qrep\\\",
+ destination_workload=\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=~\\\"$qrep\\\",
+ destination_workload=\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\",
+ source_workload_namespace=~\\\"$srcns\\\"}) by (source_workload))\",\"refresh\":1,\"regex\":\"/.*workload=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":3,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false},{\"allValue\":null,\"current\":{},\"datasource\":\"Prometheus\",\"definition\":\"\",\"hide\":0,\"includeAll\":true,\"label\":\"Destination
+ Service\",\"multi\":true,\"name\":\"dstsvc\",\"options\":[],\"query\":\"query_result(sum(istio_requests_total{reporter=\\\"source\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\"})
+ by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\\\"source\\\",
+ source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\"})
+ by (destination_service))\",\"refresh\":1,\"regex\":\"/.*destination_service=\\\"([^\\\"]*).*/\",\"skipUrlSync\":false,\"sort\":4,\"tagValuesQuery\":\"\",\"tags\":[],\"tagsQuery\":\"\",\"type\":\"query\",\"useTags\":false}]},\"time\":{\"from\":\"now-5m\",\"to\":\"now\"},\"timepicker\":{\"refresh_intervals\":[\"5m\",\"15m\",\"30m\",\"1h\",\"2h\",\"1d\"],\"time_options\":[\"5m\",\"15m\",\"1h\",\"6h\",\"12h\",\"24h\",\"2d\",\"7d\",\"30d\"]},\"timezone\":\"\",\"title\":\"Istio
+ Workload Dashboard\",\"uid\":\"UbsSZTDik\",\"version\":1}\n"
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: istio-services-grafana-dashboards
+ namespace: istio-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/jaeger.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/jaeger.yaml
new file mode 100644
index 0000000..b752e68
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/jaeger.yaml
@@ -0,0 +1,138 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jaeger
+ namespace: istio-system
+ labels:
+ app: jaeger
+spec:
+ selector:
+ matchLabels:
+ app: jaeger
+ template:
+ metadata:
+ labels:
+ app: jaeger
+ sidecar.istio.io/inject: "false"
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "14269"
+ spec:
+ containers:
+ - name: jaeger
+ image: "docker.io/jaegertracing/all-in-one:1.46"
+ env:
+ - name: BADGER_EPHEMERAL
+ value: "false"
+ - name: SPAN_STORAGE_TYPE
+ value: "badger"
+ - name: BADGER_DIRECTORY_VALUE
+ value: "/badger/data"
+ - name: BADGER_DIRECTORY_KEY
+ value: "/badger/key"
+ - name: COLLECTOR_ZIPKIN_HOST_PORT
+ value: ":9411"
+ - name: MEMORY_MAX_TRACES
+ value: "50000"
+ - name: QUERY_BASE_PATH
+ value: /jaeger
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 14269
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 14269
+ volumeMounts:
+ - name: data
+ mountPath: /badger
+ resources:
+ requests:
+ cpu: 10m
+ volumes:
+ - name: data
+ emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: tracing
+ namespace: istio-system
+ labels:
+ app: jaeger
+spec:
+ type: ClusterIP
+ ports:
+ - name: http-query
+ port: 80
+ protocol: TCP
+ targetPort: 16686
+ # Note: Change port name if you add '--query.grpc.tls.enabled=true'
+ - name: grpc-query
+ port: 16685
+ protocol: TCP
+ targetPort: 16685
+ selector:
+ app: jaeger
+---
+# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin.
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ name: zipkin
+ name: zipkin
+ namespace: istio-system
+spec:
+ ports:
+ - port: 9411
+ targetPort: 9411
+ name: http-query
+ selector:
+ app: jaeger
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jaeger-collector
+ namespace: istio-system
+ labels:
+ app: jaeger
+spec:
+ type: ClusterIP
+ ports:
+ - name: jaeger-collector-http
+ port: 14268
+ targetPort: 14268
+ protocol: TCP
+ - name: jaeger-collector-grpc
+ port: 14250
+ targetPort: 14250
+ protocol: TCP
+ - port: 9411
+ targetPort: 9411
+ name: http-zipkin
+ - port: 4317
+ name: grpc-otel
+ - port: 4318
+ name: http-otel
+ selector:
+ app: jaeger
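Review bot: The `jaeger` container is declared without any `securityContext`, while the Kiali and Loki workloads added in the same commit drop all capabilities and disallow privilege escalation. A container-level block as sketched below would bring it in line. Before merging, confirm that the `all-in-one:1.46` image starts under `runAsNonRoot: true` and can still write to the `/badger` emptyDir. The image is referenced by tag only, so pinning it by digest would make the deployed artifact reproducible. The only resource setting is a CPU request, so memory use is bounded only by `MEMORY_MAX_TRACES`.

```yaml
        - name: jaeger
          image: "docker.io/jaegertracing/all-in-one:1.46"
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          # … unchanged: env, probes, volumeMounts, resources …
```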
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/kiali.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/kiali.yaml
new file mode 100644
index 0000000..1e74f84
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/kiali.yaml
@@ -0,0 +1,568 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Source: kiali-server/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kiali
+ namespace: istio-system
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+...
+---
+# Source: kiali-server/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kiali
+ namespace: istio-system
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+data:
+ config.yaml: |
+ auth:
+ openid: {}
+ openshift:
+ client_id_prefix: kiali
+ strategy: anonymous
+ deployment:
+ accessible_namespaces:
+ - '**'
+ additional_service_yaml: {}
+ affinity:
+ node: {}
+ pod: {}
+ pod_anti: {}
+ configmap_annotations: {}
+ custom_secrets: []
+ host_aliases: []
+ hpa:
+ api_version: autoscaling/v2beta2
+ spec: {}
+ image_digest: ""
+ image_name: quay.io/kiali/kiali
+ image_pull_policy: Always
+ image_pull_secrets: []
+ image_version: v1.76
+ ingress:
+ additional_labels: {}
+ class_name: nginx
+ override_yaml:
+ metadata: {}
+ ingress_enabled: false
+ instance_name: kiali
+ logger:
+ log_format: text
+ log_level: info
+ sampler_rate: "1"
+ time_field_format: 2006-01-02T15:04:05Z07:00
+ namespace: istio-system
+ node_selector: {}
+ pod_annotations: {}
+ pod_labels:
+ sidecar.istio.io/inject: "false"
+ priority_class_name: ""
+ replicas: 1
+ resources:
+ limits:
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ secret_name: kiali
+ security_context: {}
+ service_annotations: {}
+ service_type: ""
+ tolerations: []
+ version_label: v1.76.0
+ view_only_mode: false
+ external_services:
+ custom_dashboards:
+ enabled: true
+ istio:
+ root_namespace: istio-system
+ identity:
+ cert_file: ""
+ private_key_file: ""
+ istio_namespace: istio-system
+ kiali_feature_flags:
+ certificates_information_indicators:
+ enabled: true
+ secrets:
+ - cacerts
+ - istio-ca-secret
+ clustering:
+ autodetect_secrets:
+ enabled: true
+ label: kiali.io/multiCluster=true
+ clusters: []
+ disabled_features: []
+ validations:
+ ignore:
+ - KIA1301
+ login_token:
+ signing_key: CHANGEME00000000
+ server:
+ metrics_enabled: true
+ metrics_port: 9090
+ port: 20001
+ web_root: /kiali
+...
+---
+# Source: kiali-server/templates/role-viewer.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kiali-viewer
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+rules:
+- apiGroups: [""]
+ resources:
+ - configmaps
+ - endpoints
+ - pods/log
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: [""]
+ resources:
+ - namespaces
+ - pods
+ - replicationcontrollers
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: [""]
+ resources:
+ - pods/portforward
+ verbs:
+ - create
+ - post
+- apiGroups: ["extensions", "apps"]
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: ["batch"]
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - networking.istio.io
+ - security.istio.io
+ - extensions.istio.io
+ - telemetry.istio.io
+ - gateway.networking.k8s.io
+ resources: ["*"]
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: ["apps.openshift.io"]
+ resources:
+ - deploymentconfigs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: ["project.openshift.io"]
+ resources:
+ - projects
+ verbs:
+ - get
+- apiGroups: ["route.openshift.io"]
+ resources:
+ - routes
+ verbs:
+ - get
+- apiGroups: ["authentication.k8s.io"]
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+...
+---
+# Source: kiali-server/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kiali
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+rules:
+- apiGroups: [""]
+ resources:
+ - configmaps
+ - endpoints
+ - pods/log
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: [""]
+ resources:
+ - namespaces
+ - pods
+ - replicationcontrollers
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups: [""]
+ resources:
+ - pods/portforward
+ verbs:
+ - create
+ - post
+- apiGroups: ["extensions", "apps"]
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups: ["batch"]
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - networking.istio.io
+ - security.istio.io
+ - extensions.istio.io
+ - telemetry.istio.io
+ - gateway.networking.k8s.io
+ resources: ["*"]
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups: ["apps.openshift.io"]
+ resources:
+ - deploymentconfigs
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups: ["project.openshift.io"]
+ resources:
+ - projects
+ verbs:
+ - get
+- apiGroups: ["route.openshift.io"]
+ resources:
+ - routes
+ verbs:
+ - get
+- apiGroups: ["authentication.k8s.io"]
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+...
+---
+# Source: kiali-server/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kiali
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kiali
+subjects:
+- kind: ServiceAccount
+ name: kiali
+ namespace: istio-system
+...
+---
+# Source: kiali-server/templates/role-controlplane.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: kiali-controlplane
+ namespace: istio-system
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+rules:
+- apiGroups: [""]
+ resourceNames:
+ - cacerts
+ - istio-ca-secret
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+...
+---
+# Source: kiali-server/templates/rolebinding-controlplane.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: kiali-controlplane
+ namespace: istio-system
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kiali-controlplane
+subjects:
+- kind: ServiceAccount
+ name: kiali
+ namespace: istio-system
+...
+---
+# Source: kiali-server/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kiali
+ namespace: istio-system
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+ annotations:
+spec:
+ ports:
+ - name: http
+ appProtocol: http
+ protocol: TCP
+ port: 20001
+ - name: http-metrics
+ appProtocol: http
+ protocol: TCP
+ port: 9090
+ selector:
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+...
+---
+# Source: kiali-server/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kiali
+ namespace: istio-system
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ name: kiali
+ labels:
+ helm.sh/chart: kiali-server-1.76.0
+ app: kiali
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/instance: kiali
+ version: "v1.76.0"
+ app.kubernetes.io/version: "v1.76.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: "kiali"
+ sidecar.istio.io/inject: "false"
+ annotations:
+ checksum/config: aebd819b94172ef9b148702b7bb438ac35bd1eb284bbb9b13769d8576374fbda
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9090"
+ kiali.io/dashboards: go,kiali
+ spec:
+ serviceAccountName: kiali
+ containers:
+ - image: "quay.io/kiali/kiali:v1.76"
+ imagePullPolicy: Always
+ name: kiali
+ command:
+ - "/opt/kiali/kiali"
+ - "-config"
+ - "/kiali-configuration/config.yaml"
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ ports:
+ - name: api-port
+ containerPort: 20001
+ - name: http-metrics
+ containerPort: 9090
+ readinessProbe:
+ httpGet:
+ path: /kiali/healthz
+ port: api-port
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ livenessProbe:
+ httpGet:
+ path: /kiali/healthz
+ port: api-port
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ env:
+ - name: ACTIVE_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: LOG_LEVEL
+ value: "info"
+ - name: LOG_FORMAT
+ value: "text"
+ - name: LOG_TIME_FIELD_FORMAT
+ value: "2006-01-02T15:04:05Z07:00"
+ - name: LOG_SAMPLER_RATE
+ value: "1"
+ volumeMounts:
+ - name: kiali-configuration
+ mountPath: "/kiali-configuration"
+ - name: kiali-cert
+ mountPath: "/kiali-cert"
+ - name: kiali-secret
+ mountPath: "/kiali-secret"
+ - name: kiali-cabundle
+ mountPath: "/kiali-cabundle"
+ resources:
+ limits:
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ volumes:
+ - name: kiali-configuration
+ configMap:
+ name: kiali
+ - name: kiali-cert
+ secret:
+ secretName: istio.kiali-service-account
+ optional: true
+ - name: kiali-secret
+ secret:
+ secretName: kiali
+ optional: true
+ - name: kiali-cabundle
+ configMap:
+ name: kiali-cabundle
+ optional: true
+...
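Review bot: `strategy: anonymous` in the `kiali` ConfigMap lets anyone who can reach port 20001 use the dashboard without logging in, acting as the `kiali` ServiceAccount. The ClusterRoleBinding ties that account to the `kiali` ClusterRole, which grants `create`/`delete`/`patch` on all Istio networking and security resources and `patch` on workloads, with `accessible_namespaces: '**'` and `view_only_mode: false`. For a management cluster, either switch to an authenticated strategy such as `strategy: token`, or keep anonymous access but bind the `kiali-viewer` ClusterRole already defined in this file (`roleRef: name: kiali-viewer`) and set `view_only_mode: true`. `signing_key: CHANGEME00000000` is a placeholder held in a ConfigMap; with a login strategy that issues tokens it should be generated per installation and kept in a Secret. No NetworkPolicy or Istio AuthorizationPolicy restricting the `kiali` Service appears in this section, so exposure depends on controls defined elsewhere.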
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/loki.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/loki.yaml
new file mode 100644
index 0000000..234581d
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/loki.yaml
@@ -0,0 +1,302 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Source: loki/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: loki
+ namespace: istio-system
+ labels:
+ helm.sh/chart: loki-4.8.0
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/version: "2.7.3"
+ app.kubernetes.io/managed-by: Helm
+automountServiceAccountToken: true
+---
+# Source: loki/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: loki
+ namespace: istio-system
+ labels:
+ helm.sh/chart: loki-4.8.0
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/version: "2.7.3"
+ app.kubernetes.io/managed-by: Helm
+data:
+ config.yaml: |
+ auth_enabled: false
+ common:
+ compactor_address: 'loki'
+ path_prefix: /var/loki
+ replication_factor: 1
+ storage:
+ filesystem:
+ chunks_directory: /var/loki/chunks
+ rules_directory: /var/loki/rules
+ limits_config:
+ enforce_metric_name: false
+ max_cache_freshness_per_query: 10m
+ reject_old_samples: true
+ reject_old_samples_max_age: 168h
+ split_queries_by_interval: 15m
+ memberlist:
+ join_members:
+ - loki-memberlist
+ query_range:
+ align_queries_with_step: true
+ ruler:
+ storage:
+ type: local
+ runtime_config:
+ file: /etc/loki/runtime-config/runtime-config.yaml
+ schema_config:
+ configs:
+ - from: "2022-01-11"
+ index:
+ period: 24h
+ prefix: loki_index_
+ object_store: filesystem
+ schema: v12
+ store: boltdb-shipper
+ server:
+ grpc_listen_port: 9095
+ http_listen_port: 3100
+ storage_config:
+ hedging:
+ at: 250ms
+ max_per_second: 20
+ up_to: 3
+ table_manager:
+ retention_deletes_enabled: false
+ retention_period: 0
+---
+# Source: loki/templates/runtime-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: loki-runtime
+ namespace: istio-system
+ labels:
+ helm.sh/chart: loki-4.8.0
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/version: "2.7.3"
+ app.kubernetes.io/managed-by: Helm
+data:
+ runtime-config.yaml: |
+ {}
+---
+# Source: loki/templates/service-memberlist.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: loki-memberlist
+ namespace: istio-system
+ labels:
+ helm.sh/chart: loki-4.8.0
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/version: "2.7.3"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: tcp
+ port: 7946
+ targetPort: http-memberlist
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/part-of: memberlist
+---
+# Source: loki/templates/single-binary/service-headless.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: loki-headless
+ namespace: istio-system
+ labels:
+ helm.sh/chart: loki-4.8.0
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/version: "2.7.3"
+ app.kubernetes.io/managed-by: Helm
+ variant: headless
+ prometheus.io/service-monitor: "false"
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: 3100
+ targetPort: http-metrics
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+---
+# Source: loki/templates/single-binary/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: loki
+ namespace: istio-system
+ labels:
+ helm.sh/chart: loki-4.8.0
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/version: "2.7.3"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - name: http-metrics
+ port: 3100
+ targetPort: http-metrics
+ protocol: TCP
+ - name: grpc
+ port: 9095
+ targetPort: grpc
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: single-binary
+---
+# Source: loki/templates/single-binary/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: loki
+ namespace: istio-system
+ labels:
+ helm.sh/chart: loki-4.8.0
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/version: "2.7.3"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: single-binary
+ app.kubernetes.io/part-of: memberlist
+spec:
+ replicas: 1
+ podManagementPolicy: Parallel
+ updateStrategy:
+ rollingUpdate:
+ partition: 0
+ serviceName: loki-headless
+ revisionHistoryLimit: 10
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: Delete
+ whenScaled: Delete
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: single-binary
+ template:
+ metadata:
+ annotations:
+ checksum/config: a9239b6352e34bbfc748669ed46cb24211fc3491ee7f2c6381af805f8f08fe29
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: single-binary
+ app.kubernetes.io/part-of: memberlist
+ spec:
+ serviceAccountName: loki
+ automountServiceAccountToken: true
+ enableServiceLinks: true
+ securityContext:
+ fsGroup: 10001
+ runAsGroup: 10001
+ runAsNonRoot: true
+ runAsUser: 10001
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: loki
+ image: docker.io/grafana/loki:2.7.3
+ imagePullPolicy: IfNotPresent
+ args:
+ - -config.file=/etc/loki/config/config.yaml
+ - -target=all
+ ports:
+ - name: http-metrics
+ containerPort: 3100
+ protocol: TCP
+ - name: grpc
+ containerPort: 9095
+ protocol: TCP
+ - name: http-memberlist
+ containerPort: 7946
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: http-metrics
+ initialDelaySeconds: 30
+ timeoutSeconds: 1
+ volumeMounts:
+ - name: tmp
+ mountPath: /tmp
+ - name: config
+ mountPath: /etc/loki/config
+ - name: runtime-config
+ mountPath: /etc/loki/runtime-config
+ - name: storage
+ mountPath: /var/loki
+ resources:
+ {}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: single-binary
+ topologyKey: kubernetes.io/hostname
+ volumes:
+ - name: tmp
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: loki
+ - name: runtime-config
+ configMap:
+ name: loki-runtime
+ volumeClaimTemplates:
+ - metadata:
+ name: storage
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: "10Gi"
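Review bot: `automountServiceAccountToken: true` is set on both the `loki` ServiceAccount and the StatefulSet pod spec, yet this file binds no Role to that account. The single-binary, filesystem-backed configuration does not appear to need the Kubernetes API (memberlist joins via the `loki-memberlist` Service name), so `automountServiceAccountToken: false` in both places would keep an unused credential out of the container. Separately, `auth_enabled: false` in `config.yaml` means Loki accepts pushes and queries on 3100 without a tenant header, so any restriction on who may write or read logs has to come from a NetworkPolicy or mesh policy not shown here. `resources: {}` leaves the container without requests or limits, so a log burst could starve other workloads in `istio-system`.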
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/prometheus.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/prometheus.yaml
new file mode 100644
index 0000000..63ee77b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/addons/prometheus.yaml
@@ -0,0 +1,548 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Source: prometheus/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: prometheus
+ chart: prometheus-19.6.1
+ heritage: Helm
+ name: prometheus
+ namespace: istio-system
+ annotations:
+ {}
+---
+# Source: prometheus/templates/cm.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: prometheus
+ chart: prometheus-19.6.1
+ heritage: Helm
+ name: prometheus
+ namespace: istio-system
+data:
+ allow-snippet-annotations: "false"
+ alerting_rules.yml: |
+ {}
+ alerts: |
+ {}
+ prometheus.yml: |
+ global:
+ evaluation_interval: 1m
+ scrape_interval: 15s
+ scrape_timeout: 10s
+ rule_files:
+ - /etc/config/recording_rules.yml
+ - /etc/config/alerting_rules.yml
+ - /etc/config/rules
+ - /etc/config/alerts
+ scrape_configs:
+ - job_name: prometheus
+ static_configs:
+ - targets:
+ - localhost:9090
+ - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ job_name: kubernetes-apiservers
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - action: keep
+ regex: default;kubernetes;https
+ source_labels:
+ - __meta_kubernetes_namespace
+ - __meta_kubernetes_service_name
+ - __meta_kubernetes_endpoint_port_name
+ scheme: https
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ insecure_skip_verify: true
+ - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ job_name: kubernetes-nodes
+ kubernetes_sd_configs:
+ - role: node
+ relabel_configs:
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
+ - replacement: kubernetes.default.svc:443
+ target_label: __address__
+ - regex: (.+)
+ replacement: /api/v1/nodes/$1/proxy/metrics
+ source_labels:
+ - __meta_kubernetes_node_name
+ target_label: __metrics_path__
+ scheme: https
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ insecure_skip_verify: true
+ - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ job_name: kubernetes-nodes-cadvisor
+ kubernetes_sd_configs:
+ - role: node
+ relabel_configs:
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
+ - replacement: kubernetes.default.svc:443
+ target_label: __address__
+ - regex: (.+)
+ replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
+ source_labels:
+ - __meta_kubernetes_node_name
+ target_label: __metrics_path__
+ scheme: https
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ insecure_skip_verify: true
+ - honor_labels: true
+ job_name: kubernetes-service-endpoints
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - action: keep
+ regex: true
+ source_labels:
+ - __meta_kubernetes_service_annotation_prometheus_io_scrape
+ - action: drop
+ regex: true
+ source_labels:
+ - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
+ - action: replace
+ regex: (https?)
+ source_labels:
+ - __meta_kubernetes_service_annotation_prometheus_io_scheme
+ target_label: __scheme__
+ - action: replace
+ regex: (.+)
+ source_labels:
+ - __meta_kubernetes_service_annotation_prometheus_io_path
+ target_label: __metrics_path__
+ - action: replace
+ regex: (.+?)(?::\d+)?;(\d+)
+ replacement: $1:$2
+ source_labels:
+ - __address__
+ - __meta_kubernetes_service_annotation_prometheus_io_port
+ target_label: __address__
+ - action: labelmap
+ regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
+ replacement: __param_$1
+ - action: labelmap
+ regex: __meta_kubernetes_service_label_(.+)
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_namespace
+ target_label: namespace
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_service_name
+ target_label: service
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_pod_node_name
+ target_label: node
+ - honor_labels: true
+ job_name: kubernetes-service-endpoints-slow
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - action: keep
+ regex: true
+ source_labels:
+ - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
+ - action: replace
+ regex: (https?)
+ source_labels:
+ - __meta_kubernetes_service_annotation_prometheus_io_scheme
+ target_label: __scheme__
+ - action: replace
+ regex: (.+)
+ source_labels:
+ - __meta_kubernetes_service_annotation_prometheus_io_path
+ target_label: __metrics_path__
+ - action: replace
+ regex: (.+?)(?::\d+)?;(\d+)
+ replacement: $1:$2
+ source_labels:
+ - __address__
+ - __meta_kubernetes_service_annotation_prometheus_io_port
+ target_label: __address__
+ - action: labelmap
+ regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
+ replacement: __param_$1
+ - action: labelmap
+ regex: __meta_kubernetes_service_label_(.+)
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_namespace
+ target_label: namespace
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_service_name
+ target_label: service
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_pod_node_name
+ target_label: node
+ scrape_interval: 5m
+ scrape_timeout: 30s
+ - honor_labels: true
+ job_name: prometheus-pushgateway
+ kubernetes_sd_configs:
+ - role: service
+ relabel_configs:
+ - action: keep
+ regex: pushgateway
+ source_labels:
+ - __meta_kubernetes_service_annotation_prometheus_io_probe
+ - honor_labels: true
+ job_name: kubernetes-services
+ kubernetes_sd_configs:
+ - role: service
+ metrics_path: /probe
+ params:
+ module:
+ - http_2xx
+ relabel_configs:
+ - action: keep
+ regex: true
+ source_labels:
+ - __meta_kubernetes_service_annotation_prometheus_io_probe
+ - source_labels:
+ - __address__
+ target_label: __param_target
+ - replacement: blackbox
+ target_label: __address__
+ - source_labels:
+ - __param_target
+ target_label: instance
+ - action: labelmap
+ regex: __meta_kubernetes_service_label_(.+)
+ - source_labels:
+ - __meta_kubernetes_namespace
+ target_label: namespace
+ - source_labels:
+ - __meta_kubernetes_service_name
+ target_label: service
+ - honor_labels: true
+ job_name: kubernetes-pods
+ kubernetes_sd_configs:
+ - role: pod
+ relabel_configs:
+ - action: keep
+ regex: true
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_scrape
+ - action: drop
+ regex: true
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
+ - action: replace
+ regex: (https?)
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_scheme
+ target_label: __scheme__
+ - action: replace
+ regex: (.+)
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_path
+ target_label: __metrics_path__
+ - action: replace
+ regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})
+ replacement: '[$2]:$1'
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_port
+ - __meta_kubernetes_pod_ip
+ target_label: __address__
+ - action: replace
+ regex: (\d+);((([0-9]+?)(\.|$)){4})
+ replacement: $2:$1
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_port
+ - __meta_kubernetes_pod_ip
+ target_label: __address__
+ - action: labelmap
+ regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
+ replacement: __param_$1
+ - action: labelmap
+ regex: __meta_kubernetes_pod_label_(.+)
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_namespace
+ target_label: namespace
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_pod_name
+ target_label: pod
+ - action: drop
+ regex: Pending|Succeeded|Failed|Completed
+ source_labels:
+ - __meta_kubernetes_pod_phase
+ - honor_labels: true
+ job_name: kubernetes-pods-slow
+ kubernetes_sd_configs:
+ - role: pod
+ relabel_configs:
+ - action: keep
+ regex: true
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
+ - action: replace
+ regex: (https?)
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_scheme
+ target_label: __scheme__
+ - action: replace
+ regex: (.+)
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_path
+ target_label: __metrics_path__
+ - action: replace
+ regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})
+ replacement: '[$2]:$1'
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_port
+ - __meta_kubernetes_pod_ip
+ target_label: __address__
+ - action: replace
+ regex: (\d+);((([0-9]+?)(\.|$)){4})
+ replacement: $2:$1
+ source_labels:
+ - __meta_kubernetes_pod_annotation_prometheus_io_port
+ - __meta_kubernetes_pod_ip
+ target_label: __address__
+ - action: labelmap
+ regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
+ replacement: __param_$1
+ - action: labelmap
+ regex: __meta_kubernetes_pod_label_(.+)
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_namespace
+ target_label: namespace
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_pod_name
+ target_label: pod
+ - action: drop
+ regex: Pending|Succeeded|Failed|Completed
+ source_labels:
+ - __meta_kubernetes_pod_phase
+ scrape_interval: 5m
+ scrape_timeout: 30s
+ recording_rules.yml: |
+ {}
+ rules: |
+ {}
+---
+# Source: prometheus/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: prometheus
+ chart: prometheus-19.6.1
+ heritage: Helm
+ name: prometheus
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/proxy
+ - nodes/metrics
+ - services
+ - endpoints
+ - pods
+ - ingresses
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ - "networking.k8s.io"
+ resources:
+ - ingresses/status
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+---
+# Source: prometheus/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: prometheus
+ chart: prometheus-19.6.1
+ heritage: Helm
+ name: prometheus
+subjects:
+ - kind: ServiceAccount
+ name: prometheus
+ namespace: istio-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: prometheus
+---
+# Source: prometheus/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: prometheus
+ chart: prometheus-19.6.1
+ heritage: Helm
+ name: prometheus
+ namespace: istio-system
+spec:
+ ports:
+ - name: http
+ port: 9090
+ protocol: TCP
+ targetPort: 9090
+ selector:
+ component: "server"
+ app: prometheus
+ release: prometheus
+ sessionAffinity: None
+ type: "ClusterIP"
+---
+# Source: prometheus/templates/deploy.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: prometheus
+ chart: prometheus-19.6.1
+ heritage: Helm
+ name: prometheus
+ namespace: istio-system
+spec:
+ selector:
+ matchLabels:
+ component: "server"
+ app: prometheus
+ release: prometheus
+ replicas: 1
+ strategy:
+ type: Recreate
+ rollingUpdate: null
+ template:
+ metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: prometheus
+ chart: prometheus-19.6.1
+ heritage: Helm
+
+ sidecar.istio.io/inject: "false"
+ spec:
+ enableServiceLinks: true
+ serviceAccountName: prometheus
+ containers:
+ - name: prometheus-server-configmap-reload
+ image: "jimmidyson/configmap-reload:v0.8.0"
+ imagePullPolicy: "IfNotPresent"
+ args:
+ - --volume-dir=/etc/config
+ - --webhook-url=http://127.0.0.1:9090/-/reload
+ resources:
+ {}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/config
+ readOnly: true
+
+ - name: prometheus-server
+ image: "prom/prometheus:v2.41.0"
+ imagePullPolicy: "IfNotPresent"
+ args:
+ - --storage.tsdb.retention.time=15d
+ - --config.file=/etc/config/prometheus.yml
+ - --storage.tsdb.path=/data
+ - --web.console.libraries=/etc/prometheus/console_libraries
+ - --web.console.templates=/etc/prometheus/consoles
+ - --web.enable-lifecycle
+ ports:
+ - containerPort: 9090
+ readinessProbe:
+ httpGet:
+ path: /-/ready
+ port: 9090
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ timeoutSeconds: 4
+ failureThreshold: 3
+ successThreshold: 1
+ livenessProbe:
+ httpGet:
+ path: /-/healthy
+ port: 9090
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 10
+ failureThreshold: 3
+ successThreshold: 1
+ resources:
+ {}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/config
+ - name: storage-volume
+ mountPath: /data
+ subPath: ""
+ dnsPolicy: ClusterFirst
+ securityContext:
+ fsGroup: 65534
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+ terminationGracePeriodSeconds: 300
+ volumes:
+ - name: config-volume
+ configMap:
+ name: prometheus
+ - name: storage-volume
+ emptyDir:
+ {}
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/core/istio-hr.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/core/istio-hr.yaml
new file mode 100644
index 0000000..384cc25
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/core/istio-hr.yaml
@@ -0,0 +1,61 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Istio base: CRDs:
+# helm install istio-base istio/base -n istio-system --set defaultRevision=default
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: istio-base
+ namespace: istio-system
+spec:
+ chart:
+ spec:
+ chart: base
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: istio
+ namespace: istio-system
+ values:
+ defaultRevision: default
+ interval: 30s
+
+---
+# Istio discovery:
+# helm install istiod istio/istiod -n istio-system --wait
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: istiod
+ namespace: istio-system
+spec:
+ targetNamespace: istio-system
+ dependsOn:
+ - name: istio-base
+ chart:
+ spec:
+ chart: istiod
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: istio
+ namespace: istio-system
+ values:
+ defaultRevision: default
+ interval: 30s
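Review bot: Neither HelmRelease sets `spec.chart.spec.version`, so Flux resolves the newest chart the `istio` HelmRepository offers. With `interval: 30s` and `reconcileStrategy: ChartVersion`, a new upstream release can be rolled into the management cluster without any commit to review. Pin both `istio-base` and `istiod` by adding `version: "<pinned-chart-version>"` under `chart.spec`, so upgrades arrive as a Git change. The HelmReleases in komoplane-hr.yaml, kubernetes-dashboard-hr.yaml and weave-gitops-dashboard.yaml are unpinned in the same way.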
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/core/istio-namespace.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/core/istio-namespace.yaml
new file mode 100644
index 0000000..d458626
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/core/istio-namespace.yaml
@@ -0,0 +1,23 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: istio-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/core/istio-repo.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/core/istio-repo.yaml
new file mode 100644
index 0000000..1b99e5f
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/manifests/core/istio-repo.yaml
@@ -0,0 +1,27 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# helm repo add istio https://istio-release.storage.googleapis.com/charts
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: istio
+ namespace: istio-system
+spec:
+ interval: 30s
+ url: https://istio-release.storage.googleapis.com/charts
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/templates/istio-addons-ks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/templates/istio-addons-ks.yaml
new file mode 100644
index 0000000..2704381
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/templates/istio-addons-ks.yaml
@@ -0,0 +1,33 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: istio-addons
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: istio-core
+ interval: 1h0m0s
+ path: ./infra-controllers/istio/manifests/addons
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/templates/istio-core-ks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/templates/istio-core-ks.yaml
new file mode 100644
index 0000000..20afba8
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/istio/templates/istio-core-ks.yaml
@@ -0,0 +1,31 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: istio-core
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ path: ./infra-controllers/istio/manifests/core
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/komoplane/manifests/komodorio-repo.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/komoplane/manifests/komodorio-repo.yaml
new file mode 100644
index 0000000..42bd4f8
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/komoplane/manifests/komodorio-repo.yaml
@@ -0,0 +1,26 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: komodorio
+ namespace: crossplane-system
+spec:
+ interval: 30s
+ url: https://helm-charts.komodor.io
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/komoplane/manifests/komoplane-hr.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/komoplane/manifests/komoplane-hr.yaml
new file mode 100644
index 0000000..8ad8ddf
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/komoplane/manifests/komoplane-hr.yaml
@@ -0,0 +1,33 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: komoplane
+ namespace: crossplane-system
+spec:
+ chart:
+ spec:
+ chart: komoplane
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: komodorio
+ namespace: crossplane-system
+ interval: 30s
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/komoplane/templates/komoplane-ks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/komoplane/templates/komoplane-ks.yaml
new file mode 100644
index 0000000..674bf84
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/komoplane/templates/komoplane-ks.yaml
@@ -0,0 +1,31 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: komoplane
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ path: ./infra-controllers/komoplane/manifests
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/kubernetes-dashboard/manifests/kubernetes-dashboard-hr.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/kubernetes-dashboard/manifests/kubernetes-dashboard-hr.yaml
new file mode 100644
index 0000000..7a82e5d
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/kubernetes-dashboard/manifests/kubernetes-dashboard-hr.yaml
@@ -0,0 +1,37 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: kubernetes-dashboard
+ namespace: flux-system
+spec:
+ chart:
+ spec:
+ chart: kubernetes-dashboard
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: kubernetes-dashboard
+ namespace: flux-system
+ install:
+ createNamespace: true
+ interval: 10m0s
+ targetNamespace: kubernetes-dashboard
+ values: {}
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/kubernetes-dashboard/manifests/kubernetes-dashboard-repo.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/kubernetes-dashboard/manifests/kubernetes-dashboard-repo.yaml
new file mode 100644
index 0000000..b07a4e9
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/kubernetes-dashboard/manifests/kubernetes-dashboard-repo.yaml
@@ -0,0 +1,26 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: kubernetes-dashboard
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ url: https://kubernetes.github.io/dashboard/
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/kubernetes-dashboard/templates/kubernetes-dashboard-ks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/kubernetes-dashboard/templates/kubernetes-dashboard-ks.yaml
new file mode 100644
index 0000000..087252b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/kubernetes-dashboard/templates/kubernetes-dashboard-ks.yaml
@@ -0,0 +1,31 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: kubernetes-dashboard
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ path: ./infra-controllers/kubernetes-dashboard/manifests
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/weave-gitops/manifests/weave-gitops-dashboard.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/weave-gitops/manifests/weave-gitops-dashboard.yaml
new file mode 100644
index 0000000..abbdc2f
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/weave-gitops/manifests/weave-gitops-dashboard.yaml
@@ -0,0 +1,58 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ annotations:
+ metadata.weave.works/description: This is the source location for the Weave GitOps
+ Dashboard's helm chart.
+ labels:
+ app.kubernetes.io/component: ui
+ app.kubernetes.io/created-by: weave-gitops-cli
+ app.kubernetes.io/name: weave-gitops-dashboard
+ app.kubernetes.io/part-of: weave-gitops
+ name: ww-gitops
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ type: oci
+ url: oci://ghcr.io/weaveworks/charts
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ annotations:
+ metadata.weave.works/description: This is the Weave GitOps Dashboard. It provides
+ a simple way to get insights into your GitOps workloads.
+ name: ww-gitops
+ namespace: flux-system
+spec:
+ chart:
+ spec:
+ chart: weave-gitops
+ sourceRef:
+ kind: HelmRepository
+ name: ww-gitops
+ interval: 1h0m0s
+ values:
+ adminUser:
+ create: true
+ passwordHash: $2a$10$M5y6e9EzHvYOykBF7SqxEeI1Hm.yCTaZfaLJMdD5RXZNDRGBeETEG
+ username: admin
+
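Review bot: `adminUser.passwordHash` is a literal bcrypt hash committed in a template, so every management cluster built from it presumably gets the same dashboard admin password. The hash is also readable by anyone who can read the repository or the HelmRelease object, and changing the password requires a commit. Remove the value from `values` and supply it through `valuesFrom` from a Secret generated per installation and stored SOPS-encrypted; this commit already provisions the `sops-age` key for that. The Secret name below is a placeholder.

```yaml
spec:
  # … unchanged: chart and interval …
  values:
    adminUser:
      create: true
      username: admin
  valuesFrom:
    - kind: Secret
      name: <admin-credentials-secret>  # placeholder: per-installation, SOPS-encrypted Secret
      valuesKey: passwordHash
      targetPath: adminUser.passwordHash
```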
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/weave-gitops/templates/weave-gitops-ks.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/weave-gitops/templates/weave-gitops-ks.yaml
new file mode 100644
index 0000000..0f5f135
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-controllers/weave-gitops/templates/weave-gitops-ks.yaml
@@ -0,0 +1,31 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: weave-gitops
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ path: ./infra-controllers/weave-gitops/manifests
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system