github.com/kyma-project/kyma-environment-broker@v0.0.1/internal/runtime/testdata/kyma-installer-cluster.yaml (about)

     1  apiVersion: v1
        # Namespace that holds the installer Deployment, the helm-certs Job and the
        # generated helm-secret defined further down in this file.
     2  kind: Namespace
     3  metadata:
     4    name: kyma-installer
     5    labels:
            # The value "disabled" opts the namespace out of Istio automatic sidecar injection.
     6      istio-injection: disabled
            # Marker label repeated on most resources in this file; its consumer is not visible here.
     7      kyma-project.io/installation: ""
     8  ---
     9  apiVersion: v1
        # Per-container memory ceiling and defaults for the kyma-installer namespace.
        # Only memory is constrained; no CPU entry is present.
        # The certhelper and kyma-installer-container containers in this file declare no
        # resources, so they are subject to the defaults below.
    10  kind: LimitRange
    11  metadata:
    12    name: kyma-default
    13    namespace: kyma-installer
    14    labels:
    15      kyma-project.io/installation: ""
    16  spec:
    17    limits:
    18      - max:
    19          memory: 1024Mi # Maximum memory that a container can request
    20        default:
    21          # If a container does not specify memory limit, this default value will be applied.
    22          # If a container tries to allocate more memory, container will be OOM killed.
    23          memory: 96Mi
    24        defaultRequest:
    25          # If a container does not specify memory request, this default value will be applied.
    26          # The scheduler considers this value when scheduling a container to a node.
    27          # If a node has not enough memory, such pod will not be created.
    28          memory: 32Mi
              # The limits above apply per container, not per pod.
    29        type: Container
    30  ---
    31  apiVersion: apiextensions.k8s.io/v1beta1
        # Registers the namespaced kind Installation (installer.kyma-project.io/v1alpha1);
        # the kyma-installation object at the end of this file is an instance of it.
        # apiextensions.k8s.io/v1beta1 is no longer served from Kubernetes 1.22 on, so this
        # manifest only applies to older API servers.
        # NOTE(review): no validation schema is declared, so the API server accepts any
        # spec for this kind; validation is left to whatever consumes the object.
    32  kind: CustomResourceDefinition
    33  metadata:
    34    name: installations.installer.kyma-project.io
    35    labels:
    36      kyma-project.io/installation: ""
    37  spec:
    38    group: installer.kyma-project.io
          # Single-version form of v1beta1; a `versions` list is not used here.
    39    version: v1alpha1
    40    scope: Namespaced
    41    names:
    42      kind: Installation
    43      singular: installation
    44      plural: installations
    45      shortNames: ['installation']
    46  ---
    47  apiVersion: apiextensions.k8s.io/v1beta1
        # Registers the namespaced kind Release (release.kyma-project.io/v1alpha1).
        # No object of this kind appears in the visible part of this file.
        # apiextensions.k8s.io/v1beta1 is no longer served from Kubernetes 1.22 on.
        # NOTE(review): no validation schema is declared, so any spec is accepted by the API server.
    48  kind: CustomResourceDefinition
    49  metadata:
    50    name: releases.release.kyma-project.io
    51    labels:
    52      kyma-project.io/installation: ""
    53  spec:
    54    group: release.kyma-project.io
    55    version: v1alpha1
    56    scope: Namespaced
    57    names:
    58      kind: Release
    59      singular: release
    60      plural: releases
    61      shortNames: ['release']
    62  ---
    63  apiVersion: v1
        # Identity used by helm-certs-job (see its serviceAccountName).
        # In this file it is bound to helm-certs-getter in kube-system, helm-certs-setter in
        # kyma-installer and the cluster-wide all-psp role.
        # NOTE(review): it carries none of the kyma-project.io/installation labels used on
        # most other resources here - confirm that is intentional.
    64  kind: ServiceAccount
    65  metadata:
    66    name: helm-certs-job-sa
    67    namespace: kyma-installer
    68  ---
    69  kind: RoleBinding
        # Cross-namespace grant: gives the helm-certs-job-sa ServiceAccount from kyma-installer
        # the helm-certs-getter Role inside kube-system (read access to Secrets there).
    70  apiVersion: rbac.authorization.k8s.io/v1
    71  metadata:
          # Same object name as the binding in kyma-installer; the two differ by namespace and roleRef.
    72    name: helm-certs-rolebinding
    73    namespace: kube-system
    74  subjects:
    75    - kind: ServiceAccount
    76      name: helm-certs-job-sa
    77      namespace: kyma-installer
    78  roleRef:
    79    kind: Role
    80    name: helm-certs-getter
    81    apiGroup: rbac.authorization.k8s.io
    82  ---
    83  kind: RoleBinding
        # Gives helm-certs-job-sa the helm-certs-setter Role in its own namespace, which the
        # helm-certs Job needs in order to create helm-secret.
    84  apiVersion: rbac.authorization.k8s.io/v1
    85  metadata:
    86    name: helm-certs-rolebinding
    87    namespace: kyma-installer
    88  subjects:
    89    - kind: ServiceAccount
    90      name: helm-certs-job-sa
    91      namespace: kyma-installer
    92  roleRef:
    93    kind: Role
    94    name: helm-certs-setter
    95    apiGroup: rbac.authorization.k8s.io
    96  ---
    97  kind: Role
        # Read access to Secrets in kube-system for the helm-certs Job, which fetches only
        # `tiller-secret` by name.
        # NOTE(review): the rule has no resourceNames, so get/list covers every Secret in
        # kube-system, and `list` returns full Secret contents. Since the Job only runs
        # `kubectl get secret tiller-secret`, `verbs: ["get"]` with
        # `resourceNames: ["tiller-secret"]` looks sufficient - confirm before tightening.
    98  apiVersion: rbac.authorization.k8s.io/v1
    99  metadata:
   100    name: helm-certs-getter
   101    namespace: kube-system
   102  rules:
          # "" is the core API group, where Secret lives.
   103    - apiGroups: [""]
   104      resources: ["secrets"]
   105      verbs: ["get", "list"]
   106  ---
   107  kind: Role
        # Read and write access to Secrets in kyma-installer for the helm-certs Job.
        # NOTE(review): the Job's script only runs `kubectl create` for helm-secret; get, list
        # and patch on all Secrets in the namespace are not exercised by the visible script and
        # may be broader than needed - confirm against other users of this Role.
   108  apiVersion: rbac.authorization.k8s.io/v1
   109  metadata:
   110    name: helm-certs-setter
   111    namespace: kyma-installer
   112  rules:
   113    - apiGroups: [""]
   114      resources: ["secrets"]
   115      verbs: ["get", "list", "create", "patch"]
   116  ---
   117  kind: ClusterRole
        # Grants `use` on every PodSecurityPolicy in the extensions API group (no resourceNames).
        # NOTE(review): a subject bound to this role may run pods under the most permissive
        # policy defined in the cluster; which policies exist is not visible in this file.
        # PodSecurityPolicy was removed in Kubernetes 1.25, so the rule only matters on older clusters.
   118  apiVersion: rbac.authorization.k8s.io/v1
   119  metadata:
   120    name: all-psp
   121  rules:
   122    - apiGroups: ["extensions"]
   123      resources: ["podsecuritypolicies"]
   124      verbs: ["use"]
   125  ---
   126  kind: ClusterRoleBinding
        # Binds the all-psp ClusterRole to helm-certs-job-sa, cluster-wide.
        # Only this one ServiceAccount is listed; the kyma-installer ServiceAccount gets its
        # rights through a separate wildcard ClusterRole in this file.
   127  apiVersion: rbac.authorization.k8s.io/v1
   128  metadata:
   129    name: all-psp
   130  subjects:
   131    - kind: ServiceAccount
   132      name: helm-certs-job-sa
   133      namespace: kyma-installer
   134  roleRef:
   135    kind: ClusterRole
   136    name: all-psp
   137    apiGroup: rbac.authorization.k8s.io
   138  ---
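   139  apiVersion: batch/v1
        # One-shot Job that issues a Helm client certificate signed by the Tiller CA and stores
        # it, together with the CA certificate, in Secret kyma-installer/helm-secret.
   140  kind: Job
   141  metadata:
   142    name: helm-certs-job
   143    namespace: kyma-installer
   144    labels:
   145      kyma-project.io/installation: ""
   146  spec:
   147    template:
   148      metadata:
   149        name: helm-certs-job
   150        namespace: kyma-installer
   151        annotations:
                # Plain ASCII quotes: the typographic quotes used before (U+201C/U+201D) were
                # parsed as part of the value, so the annotation was not the string "false".
   152          sidecar.istio.io/inject: "false"
   153      spec:
   154        serviceAccountName: helm-certs-job-sa
              # A failed run is retried in place; see the note on `kubectl create` below.
   155        restartPolicy: OnFailure
   156        containers:
   157          - name: certhelper
                  # NOTE(review): referenced by tag only; pinning by digest would fix the exact
                  # tooling that gets to handle the CA private key.
   158            image: eu.gcr.io/kyma-project/tpi/k8s-tools:20210504-12243229
                  # Script outline: read ca.crt and ca.key from kube-system/tiller-secret, generate
                  # a 4096-bit RSA key, sign a helm-client certificate valid for 365 days, then
                  # create helm-secret from the results.
                  # NOTE(review): the Tiller CA private key is copied into the container's
                  # /tmp/certs; anything able to run as helm-certs-job-sa can obtain it the same way.
                  # NOTE(review): nothing in this file renews the certificate after 365 days, and
                  # `kubectl create` fails when helm-secret already exists, so a re-run needs the
                  # Secret removed first.
                  # NOTE(review): openssl.cnf is written but no later openssl call references it
                  # (no -config / -extfile), so it has no effect on the issued certificate.
   159            command:
   160              - bash
   161              - -c
   162              - |
                      # Abort on the first failing command or pipeline so that an empty or partial
                      # certificate is never written into helm-secret.
                      set -euo pipefail
   163                WORKING_DIR="/tmp/certs"
   164                mkdir -p "${WORKING_DIR}"
   165                cat <<EOF > "${WORKING_DIR}/openssl.cnf"
   166                [ req ]
   167                #default_bits   = 2048
   168                #default_md   = sha256
   169                #default_keyfile  = privkey.pem
   170                distinguished_name  = req_distinguished_name
   171                attributes    = req_attributes
   172                [ req_distinguished_name ]
   173                countryName     = Country Name (2 letter code)
   174                countryName_min     = 2
   175                countryName_max     = 2
   176                stateOrProvinceName   = State or Province Name (full name)
   177                localityName      = Locality Name (eg, city)
   178                0.organizationName    = Organization Name (eg, company)
   179                organizationalUnitName    = Organizational Unit Name (eg, section)
   180                commonName      = Common Name (eg, fully qualified host name)
   181                commonName_max      = 64
   182                emailAddress      = Email Address
   183                emailAddress_max    = 64
   184                [ req_attributes ]
   185                challengePassword   = A challenge password
   186                challengePassword_min   = 4
   187                challengePassword_max   = 20
   188                [ v3_ca ]
   189                basicConstraints = critical,CA:TRUE
   190                subjectKeyIdentifier = hash
   191                authorityKeyIdentifier = keyid:always,issuer:always
   192                EOF
   193                echo "---> Get Tiller CA"
   194                if kubectl get -n kube-system secret tiller-secret > /dev/null ; then
   195                  kubectl get -n kube-system secret tiller-secret -o jsonpath="{.data['ca\.crt']}" | base64 --decode > "${WORKING_DIR}/ca.crt"
   196                  kubectl get -n kube-system secret tiller-secret -o jsonpath="{.data['ca\.key']}" | base64 --decode > "${WORKING_DIR}/ca.key"
   197                else
   198                  echo "Secret: tiller-secret does not exists!"
   199                  exit 1
   200                fi
   201                echo "---> Generate Helm key"
   202                openssl genrsa -out "${WORKING_DIR}/helm.key.pem" 4096
   203                openssl req -key "${WORKING_DIR}/helm.key.pem" -new -sha256 -out "${WORKING_DIR}/helm.csr.pem" -subj "/C=PL/ST=Gliwice/L=Gliwice/O=Helm Client/CN=helm-client"
   204                openssl x509 -req -CA "${WORKING_DIR}/ca.crt" -CAkey "${WORKING_DIR}/ca.key" -CAcreateserial -in "${WORKING_DIR}/helm.csr.pem" -out "${WORKING_DIR}/helm.cert.pem" -days 365
   205                echo "---> Create secrets in k8s"
   206                COMBO_YAML=$(cat << EOF
   207                ---
   208                apiVersion: v1
   209                data:
   210                  global.helm.ca.crt: "$(base64 "${WORKING_DIR}/ca.crt" | tr -d '\n')"
   211                  global.helm.tls.crt: "$(base64 "${WORKING_DIR}/helm.cert.pem" | tr -d '\n')"
   212                  global.helm.tls.key: "$(base64 "${WORKING_DIR}/helm.key.pem" | tr -d '\n')"
   213                kind: Secret
   214                metadata:
   215                  creationTimestamp: null
   216                  labels:
   217                    installer: overrides
   218                    kyma-project.io/installation: ""
   219                  name: helm-secret
   220                  namespace: kyma-installer
   221                type: Opaque
   222                EOF
   223                )
   224                echo "${COMBO_YAML}" | kubectl create -f -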
   225  ---
   226  apiVersion: v1
        # Identity the kyma-installer Deployment runs as.
        # NOTE(review): the kyma-installer ClusterRoleBinding in this file ties it to a
        # wildcard ClusterRole, so this account's token carries full control of the cluster's
        # API resources.
   227  kind: ServiceAccount
   228  metadata:
   229    name: kyma-installer
   230    namespace: kyma-installer
   231    labels:
   232      kyma-project.io/installation: ""
   233  ---
   234  apiVersion: extensions/v1beta1
        # Runs the Kyma installer as ServiceAccount kyma-installer, with the Helm client
        # certificate and key from helm-secret mounted read-only at /etc/certs.
        # extensions/v1beta1 Deployments are no longer served from Kubernetes 1.16 on; apps/v1
        # additionally requires spec.selector, which is absent here.
   235  kind: Deployment
   236  metadata:
   237    name: kyma-installer
   238    namespace: kyma-installer
   239    labels:
   240      kyma-project.io/installation: ""
   241  spec:
   242    template:
   243      metadata:
   244        labels:
   245          name: kyma-installer
   246      spec:
              # This ServiceAccount is bound to a wildcard ClusterRole elsewhere in this file.
   247        serviceAccountName: kyma-installer
   248        containers:
                # No securityContext or resources are set on this container; memory defaults
                # come from the kyma-default LimitRange in the same namespace.
   249          - name: kyma-installer-container
                  # NOTE(review): referenced by tag, not digest; with IfNotPresent a node reuses
                  # whatever image it already holds under this tag.
   250            image: eu.gcr.io/kyma-project/kyma-installer:1.9.0
   251            imagePullPolicy: IfNotPresent
   252            args:
                    # NOTE(review): judging by its name, this flag turns off verification of
                    # Tiller's TLS certificate. The volume below also omits global.helm.ca.crt, so
                    # no CA is mounted to verify against. The client certificate then
                    # authenticates the installer to Tiller but not Tiller to the installer -
                    # confirm this is acceptable outside test fixtures.
   253              - -tillerTLSInsecureSkipVerify=true
   254            volumeMounts:
   255              - mountPath: /etc/certs
   256                name: helm-certs
   257                readOnly: true
   258        volumes:
   259          - name: helm-certs
   260            secret:
                    # Created by helm-certs-job; the pod cannot start until that Secret exists.
   261              secretName: helm-secret
                    # Only the client certificate and key are projected; the CA certificate key
                    # of the Secret is left out.
   262              items:
   263                - key: global.helm.tls.crt
   264                  path: tls.crt
   265                - key: global.helm.tls.key
   266                  path: tls.key
   267  ---
   268  kind: ClusterRole
        # Despite the name, this role is not read-only: wildcard apiGroups, resources and verbs
        # give full control over every API resource in every namespace.
        # NOTE(review): whoever controls the bound ServiceAccount's token or pod effectively
        # controls the cluster. Keep the binding only as long as installation needs it, and
        # alert on any other use of that ServiceAccount.
        # rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes 1.22 on; the
        # helm-certs roles in this file already use v1.
   269  apiVersion: rbac.authorization.k8s.io/v1beta1
   270  metadata:
   271    name: kyma-installer-reader
   272    labels:
   273      kyma-project.io/installation: ""
   274  rules:
   275    - apiGroups: ["*"]
   276      resources: ["*"]
   277      verbs: ["*"]
   278  ---
   279  kind: ClusterRoleBinding
        # Binds the wildcard ClusterRole kyma-installer-reader to the kyma-installer
        # ServiceAccount, cluster-wide.
        # NOTE(review): this is the grant that makes the installer pod cluster-privileged; any
        # audit of this manifest should start here.
   280  apiVersion: rbac.authorization.k8s.io/v1beta1
   281  metadata:
   282    name: kyma-installer
   283    labels:
   284      kyma-project.io/installation: ""
   285  subjects:
   286    - kind: ServiceAccount
   287      name: kyma-installer
   288      namespace: kyma-installer
   289  roleRef:
   290    apiGroup: rbac.authorization.k8s.io
   291    kind: ClusterRole
   292    name: kyma-installer-reader
   293  ---
   294  apiVersion: "installer.kyma-project.io/v1alpha1"
        # Instance of the Installation kind registered earlier in this file; it lists the
        # components to install and the namespace for each.
        # Presumably the kyma-installer Deployment acts on this object - confirm against the installer.
        # No metadata.namespace is set although the CRD is Namespaced, so the object lands in
        # the applying client's default namespace.
   295  kind: Installation
   296  metadata:
   297    name: kyma-installation
   298    labels:
            # Presumably the requested operation for the installer - confirm.
   299      action: install
   300      kyma-project.io/installation: ""
          # Deletion of this object blocks until something removes the finalizer.
   301    finalizers:
   302      - finalizer.installer.kyma-project.io
   303  spec:
          # Placeholder-looking values (this file lives under testdata/); their meaning to the
          # installer is not visible here.
   304    version: "0.0.1"
   305    url: ""
          # Whether list order is installation order is not visible here - confirm before reordering.
   306    components:
   307      - name: "cluster-essentials"
   308        namespace: "kyma-system"
   309      - name: "testing"
   310        namespace: "kyma-system"
   311      - name: "istio-init"
   312        namespace: "istio-system"
   313      - name: "istio"
   314        namespace: "istio-system"
   315      - name: "xip-patch"
   316        namespace: "kyma-installer"
   317      - name: "istio-kyma-patch"
   318        namespace: "istio-system"
   319      - name: "knative-serving-init"
   320        namespace: "knative-serving"
   321      - name: "knative-serving"
   322        namespace: "knative-serving"
   323      # - name: "knative-build-init"
   324      #   namespace: "knative-build"
   325      # - name: "knative-build"
   326      #   namespace: "knative-build"
   327      - name: "knative-eventing"
   328        namespace: "knative-eventing"
   329      - name: "dex"
   330        namespace: "kyma-system"
   331      - name: "ory"
   332        namespace: "kyma-system"
   333      - name: "api-gateway"
   334        namespace: "kyma-system"
   335      - name: "service-catalog"
   336        namespace: "kyma-system"
   337      - name: "service-catalog-addons"
   338        namespace: "kyma-system"
   339      - name: "helm-broker"
   340        namespace: "kyma-system"
   341      - name: "nats-streaming"
   342        namespace: "natss"
   343      - name: "rafter"
   344        namespace: "kyma-system"
   345      - name: "core"
   346        namespace: "kyma-system"
   347      - name: "knative-provisioner-natss"
   348        namespace: "knative-eventing"
   349      - name: "event-bus"
   350        namespace: "kyma-system"
   351      - name: "event-sources"
   352        namespace: "kyma-system"
   353      - name: "application-connector-ingress"
   354        namespace: "kyma-system"
   355      - name: "application-connector-helper"
   356        namespace: "kyma-system"
   357      - name: "application-connector"
   358        namespace: "kyma-system"
   359      - name: "backup-init"
   360        namespace: "kyma-system"
   361      - name: "backup"
   362        namespace: "kyma-system"
   363      - name: "monitoring"
   364        namespace: "kyma-system"
   365      #- name: "compass-runtime-agent"
   366      #  namespace: "compass-system"
   367  ---