diff --git a/charts/litmus/README-local.md b/charts/litmus/README-local.md
new file mode 100644
index 00000000..75f6e59b
--- /dev/null
+++ b/charts/litmus/README-local.md
@@ -0,0 +1,53 @@ + + +helm template litmus charts/litmus --namespace litmus-system --version 3.16 --values charts/litmus/values.yaml +helm template litmus charts/litmus --namespace litmus-system --values charts/litmus/values.yaml | grep "image: " + + +helm template litmus charts/litmus --namespace litmus-system --version 3.16 --values values-local-3-16-0.yaml +helm template litmus charts/litmus --namespace litmus-system --version 3.16 --values values-local-3-16-0.yaml > all-litmus-3-16-0-manifests.yaml.out +helm template litmus charts/litmus --namespace litmus-system --version 3.16 --values values-local-3-16-0.yaml | grep "image: " +helm template litmus charts/litmus --namespace litmus-system --version 3.16 --values values-local-3-16-0.yaml | grep "runAsUser: " -C 10 +helm template litmus charts/litmus --namespace litmus-system --version 3.16 --values values-local-3-16-0.yaml | grep "ServiceAccount: " + + + +yq -s '"split-3-16-0"+(.kind | downcase) + "-" + .metadata.name +"-"+ $index' all-litmus-3-16-0-manifests.yaml.out + +# checking values file +yq eval . values-local-3-16-0.yaml + +# checking template files +yq eval . 
all-litmus-3-16-0-manifests.yaml.out + + +kubectl apply -f all-litmus-manifests.yaml.out -n litmus-system --dry-run=client +kubectl apply -f all-litmus-manifests.yaml.out -n litmus-system --dry-run=server + + +helm template litmus charts/litmus --namespace litmus-system --version 3.18 --values charts/litmus/values.yaml +helm template litmus charts/litmus --namespace litmus-system --values charts/litmus/values.yaml | grep "image: " + + +helm template litmus charts/litmus --namespace litmus-system --version 3.18 --values values-local-3-18-0.yaml +helm template litmus charts/litmus --namespace litmus-system --version 3.18 --values values-local-3-18-0.yaml > all-litmus-3-18-0-manifests.yaml.out +helm template litmus charts/litmus --namespace litmus-system --version 3.18 --values values-local-3-18-0.yaml | grep "image: " +helm template litmus charts/litmus --namespace litmus-system --version 3.18 --values values-local-3-18-0.yaml | grep "runAsUser: " -C 10 +helm template litmus charts/litmus --namespace litmus-system --version 3.18 --values values-local-3-18-0.yaml | grep "ServiceAccount: " + + +yq -s '"split-3-18-0"+(.kind | downcase) + "-" + .metadata.name +"-"+ $index' all-litmus-3-18-0-manifests.yaml.out + +# checking values file +yq eval . values-local-3-18-0.yaml + +# checking template files +yq eval . all-litmus-3-18-0-manifests.yaml.out + + +rm all-litmus-*-manifests.yaml.out + +rm split*.y*ml + + + diff --git a/charts/litmus/README.md b/charts/litmus/README.md index d751ed01..d5fc2a50 100644 --- a/charts/litmus/README.md +++ b/charts/litmus/README.md 
@@ -91,11 +91,14 @@ We separated service configuration from `portal.server.service` to `portal.serve | mongodb | object | `{"architecture":"replicaset","auth":{"enabled":true,"existingSecret":"","rootPassword":"1234","rootUser":"root"},"enabled":true,"image":{"registry":"docker.io","repository":"bitnamilegacy/mongodb","tag":"8.0.13-debian-12-r0"},"livenessProbe":{"timeoutSeconds":20},"metrics":{"enabled":false,"prometheusRule":{"enabled":false}},"persistence":{"enabled":true},"readinessProbe":{"timeoutSeconds":20},"replicaCount":3,"volumePermissions":{"enabled":true,"image":{"registry":"docker.io","repository":"bitnamilegacy/os-shell","tag":"12-debian-12-r51"}}}` | Configure the Bitnami MongoDB subchart see values at https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml | | mongodb.auth.existingSecret | string | `""` | existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) | | nameOverride | string | `""` | | +| openshift.anyuid | bool | `false` | | +| openshift.enabled | bool | `false` | | | openshift.route.annotations | object | `{}` | | | openshift.route.customLabels | object | `{}` | | | openshift.route.enabled | bool | `false` | | -| openshift.route.host | string | `""` | | +| openshift.route.host | string | `"litmus-portal.apps-crc.testing"` | | | openshift.route.name | string | `"litmus-portal"` | | +| openshift.sccName | string | `"litmus-chaos-scc"` | | | portal.frontend.affinity | object | `{}` | | | portal.frontend.automountServiceAccountToken | bool | `false` | | | portal.frontend.autoscaling.enabled | bool | `false` | | 
@@ -251,4 +254,4 @@ We separated service configuration from `portal.server.service` to `portal.serve | proxy.noProxy | string | `nil` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/litmus/templates/frontend-route.yaml b/charts/litmus/templates/frontend-route.yaml index 881ac259..1e54d144 100644 --- a/charts/litmus/templates/frontend-route.yaml +++ b/charts/litmus/templates/frontend-route.yaml @@ -1,4 +1,4 @@ -{{- if .Values.openshift.route.enabled -}} +{{- if and .Values.openshift.route.enabled }} {{ $fullName := include "litmus-portal.fullname" . }} apiVersion: route.openshift.io/v1 kind: Route diff --git a/charts/litmus/templates/openshift-rbac.yaml b/charts/litmus/templates/openshift-rbac.yaml new file mode 100644 index 00000000..8878dea9 --- /dev/null +++ b/charts/litmus/templates/openshift-rbac.yaml 
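Review bot: `and` is called with a single operand in `{{- if and .Values.openshift.route.enabled }}`, so the condition is the same as the old plain `if` and the new `openshift.enabled` switch is never consulted for the Route. If the Route is meant to follow the same gate as openshift-rbac.yaml, write `{{- if and .Values.openshift.enabled .Values.openshift.route.enabled -}}`; if not, drop the `and` so the intent is unambiguous. The trailing `-` before `}}` was also removed, which changes whitespace trimming at the top of the rendered manifest. The rest of the template lies outside the hunk.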
@@ -0,0 +1,95 @@
+{{- if and .Values.openshift.enabled (not .Values.openshift.anyuid) }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: {{ .Values.openshift.sccName }}
+ labels:
+ app.kubernetes.io/name: {{ .Values.openshift.sccName }}
+
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowHostDirVolumePlugin: false
+allowPrivilegeEscalation: true
+requiredDropCapabilities: null
+allowedCapabilities: null
+defaultAddCapabilities: null
+seccompProfiles:
+ - '*'
+runAsUser:
+ type: MustRunAsRange # Valid value for runAsUser.type
+ uidRangeMin: 0 # TODO
+ uidRangeMax: 2000 # TODO
+seLinuxContext:
+ type: RunAsAny # Valid value for seLinuxContext.type
+fsGroup:
+ type: RunAsAny
+supplementalGroups:
+ type: RunAsAny
+readOnlyRootFilesystem: false
+volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ - persistentVolumeClaim
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Values.openshift.sccName }}-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ .Values.openshift.sccName }}-clusterrole
+rules:
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - {{ .Values.openshift.sccName }}
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Values.openshift.sccName }}-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Values.openshift.sccName }}-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Values.openshift.sccName }}-clusterrole
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-mongodb # For mongodb subchart
+ namespace: {{ .Release.Namespace }}
+ - kind: ServiceAccount
+ name: default # Default ServiceAccount
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+---
+{{- if and .Values.openshift.enabled .Values.openshift.anyuid }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Values.openshift.sccName }}-scc-anyuid-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Values.openshift.sccName }}-scc-anyuid-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:anyuid
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-mongodb
+ namespace: {{ .Release.Namespace }}
+ - kind: ServiceAccount
+ name: default # Default ServiceAccount
+ namespace: {{ .Release.Namespace }}
+
+{{- end }}
\ No newline at end of file
diff --git a/charts/litmus/values-local-3-16-0.yaml b/charts/litmus/values-local-3-16-0.yaml
new file mode 100644
index 00000000..04c4fcfd
--- /dev/null
+++ b/charts/litmus/values-local-3-16-0.yaml
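Review bot: The custom SCC in the `not .Values.openshift.anyuid` branch is barely narrower than `anyuid`: `uidRangeMin: 0` (still marked `# TODO`) admits UID 0, `allowPrivilegeEscalation: true` with `requiredDropCapabilities: null` keeps setuid escalation and the default capability set available, and `seccompProfiles: ['*']` accepts any profile. Both RoleBindings also grant the SCC to the namespace's `default` ServiceAccount, so every pod in the release namespace that does not name its own ServiceAccount inherits it, including workloads that are not part of this chart. I would set `allowPrivilegeEscalation: false`, `requiredDropCapabilities: [ALL]` and a `uidRangeMin` above 0 (or replace the `# TODO` with a comment naming the container that needs root), and bind dedicated ServiceAccounts instead of `default`. `{{ .Chart.Name }}-mongodb` presumably matches the subchart's ServiceAccount only when the release is named after the chart, and the SCC and ClusterRole are cluster-scoped but named from `sccName` alone, so two releases would collide; both are worth confirming.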
@@ -0,0 +1,393 @@ +# Default values for litmus. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +nameOverride: "" + +# -- Additional annotations +customPodAnnotations: {} +# -- Additional labels +customLabels: {} +# my.company.com/concourse-cd: 2 + +# -- Use existing secret (e.g., External Secrets) +existingSecret: "" + +# eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? +allowedOrigins: ".*" + +adminConfig: + VERSION: "3.16.0" + SKIP_SSL_VERIFY: "false" + # -- leave empty if uses Mongo DB deployed by this chart + DBPASSWORD: "" + DBUSER: "" + DB_SERVER: "" + DB_PORT: "" + ADMIN_USERNAME: "admin" + ADMIN_PASSWORD: "litmus" + +image: + imageRegistryName: litmuschaos.docker.scarf.sh/litmuschaos + # Optional pod imagePullSecrets + imagePullSecrets: [] + +internalTLS: + # If internal TLS enabled + enabled: false + # enable strong ssl ciphers (default: false) + strong_ssl_ciphers: false + # There are three ways to provide tls + # 1) "auto" will generate cert automatically + # 2) "manual" need provide cert file manually in following value + # 3) "secret" internal certificates from secret + certSource: "auto" + # The content of trust ca, only available when `certSource` is "manual" + trustCa: "" + # Path on which the certs & keys will be mounted across all components + certMountPath: "/etc/tls" + # web related cert configuration + web: + # secret name for web's tls certs + secretName: "" + # Content of web's TLS cert file, only available when `certSource` is "manual" + crt: "" + # Content of web's TLS key file, only available when `certSource` is "manual" + key: "" + # graph-server related cert configuration + graphqlServer: + # secret name for graph-server's tls certs + secretName: "" + # Content of graphqlServer's TLS key file, only available when `certSource` is "manual" + crt: "" + # Content of graphqlServer's TLS key file, only available when `certSource` is "manual" 
+ key: "" + # auth-server related cert configuration + authServer: + # secret name for auth-server's tls certs + secretName: "" + # Content of auth-server's TLS key file, only available when `certSource` is "manual" + crt: "" + # Content of auth-server's TLS key file, only available when `certSource` is "manual" + key: "" + + +ingress: + enabled: false + name: litmus-ingress + annotations: + ingress.kubernetes.io/ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + # kubernetes.io/tls-acme: "true" + # nginx.ingress.kubernetes.io/rewrite-target: /$1 + + ingressClassName: "" + host: + # -- This is ingress hostname (ex: my-domain.com) + name: "" + frontend: + # -- You may need adapt the path depending your ingress-controller + path: / + # -- Allow to set [pathType](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) for the frontend path + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: [] + +portal: + frontend: + replicas: 1 + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 3 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + updateStrategy: {} + ## Strategy for deployment updates. + ## + ## Example: + ## + ## strategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 1 + ## maxUnavailable: 25% + automountServiceAccountToken: false + # securityContext: + # runAsUser: 2000 + # allowPrivilegeEscalation: false + # runAsNonRoot: true + image: + repository: litmusportal-frontend + tag: 3.16.0 + pullPolicy: "Always" + containerPort: 8185 + customLabels: {} + # my.company.com/tier: "frontend" + podAnnotations: {} + + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + requests: + memory: "150Mi" + cpu: "125m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + service: + annotations: {} + type: ClusterIP + port: 9091 + targetPort: 8185 +# NOTE: Using virtualService is not compatible with native mTLS of Litmus. +# It's recommended to use mTLS feature provided by Istio itself in such scenario. + virtualService: + enabled: false + hosts: [] + gateways: [] + pathPrefixEnabled: false + nodeSelector: {} + tolerations: [] + affinity: {} + + server: + replicas: 1 + updateStrategy: {} + ## Strategy for deployment updates. + ## + ## Example: + ## + ## strategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 1 + ## maxUnavailable: 25% + customLabels: {} + # my.company.com/tier: "backend" + waitForMongodb: + image: + repository: mongo + tag: 6 + pullPolicy: "Always" + securityContext: + {} + # runAsUser: 101 + # allowPrivilegeEscalation: false + # runAsNonRoot: true + # readOnlyRootFilesystem: true + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ requests: + memory: "150Mi" + cpu: "25m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "250m" + ephemeral-storage: "1Gi" + graphqlServer: + automountServiceAccountToken: false + volumes: + - name: gitops-storage + emptyDir: {} + - name: hub-storage + emptyDir: {} + volumeMounts: + - mountPath: /tmp/ + name: gitops-storage + - mountPath: /tmp/version + name: hub-storage + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + image: + repository: litmusportal-server + tag: 3.16.0 + pullPolicy: "Always" + ports: + - name: gql-server + containerPort: 8080 + - name: gql-rpc-server + containerPort: 8000 + service: + annotations: {} + type: ClusterIP + graphqlRestServer: + port: 9002 + targetPort: 8080 + graphqlRpcServer: + port: 8000 + targetPort: 8000 + imageEnv: + SUBSCRIBER_IMAGE: "litmusportal-subscriber:3.16.0" + EVENT_TRACKER_IMAGE: "litmusportal-event-tracker:3.16.0" + ARGO_WORKFLOW_CONTROLLER_IMAGE: "workflow-controller:v3.3.1" + ARGO_WORKFLOW_EXECUTOR_IMAGE: "argoexec:v3.3.1" + LITMUS_CHAOS_OPERATOR_IMAGE: "chaos-operator:3.16.0" + LITMUS_CHAOS_RUNNER_IMAGE: "chaos-runner:3.16.0" + LITMUS_CHAOS_EXPORTER_IMAGE: "chaos-exporter:3.16.0" + genericEnv: + TLS_CERT_64: "" + CONTAINER_RUNTIME_EXECUTOR: "k8sapi" + DEFAULT_HUB_BRANCH_NAME: "v3.16.x" + INFRA_DEPLOYMENTS: '["app=chaos-exporter", "name=chaos-operator", "app=event-tracker", "app=workflow-controller"]' + WORKFLOW_HELPER_IMAGE_VERSION: "3.16.0" + REMOTE_HUB_MAX_SIZE: "5000000" + INFRA_COMPATIBLE_VERSIONS: '["3.16.0"]' + # Provide UI endpoint if using namespaced scope + CHAOS_CENTER_UI_ENDPOINT: "" + ENABLE_GQL_INTROSPECTION: "false" + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + requests: + memory: "250Mi" + cpu: "225m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + podAnnotations: {} + authServer: + replicas: 1 + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 3 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + automountServiceAccountToken: false + image: + repository: litmusportal-auth-server + tag: 3.16.0 + pullPolicy: "Always" + ports: + - name: auth-server + containerPort: 3000 + - name: auth-rpc-server + containerPort: 3030 + service: + annotations: {} + type: ClusterIP + authRestServer: + port: 9003 + targetPort: 3000 + authRpcServer: + port: 3030 + targetPort: 3030 + env: {} + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ requests: + memory: "250Mi" + cpu: "225m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + volumeMounts: [] + volumes: [] + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# OpenShift specific configuration + +openshift: + enabled: true # default false for vanilla kubernetes + anyuid: false # # if true service account will obtain permission for using anyuid scc + sccName: litmus-chaos-scc # name of scc to be used + + # If service should be exposed using an OpenShift route + route: + enabled: true + name: litmus-portal + customLabels: {} + annotations: + haproxy.router.openshift.io/balance: roundrobin + haproxy.router.openshift.io/disable_cookies: "true" + template.openshift.io/expose-uri: "http://{.spec.host}{.spec.path}" + + host: "" + +# -- Configure the Bitnami MongoDB subchart +# see values at https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml +mongodb: + # For some environments, mongo pings can take time to resolve + livenessProbe: + timeoutSeconds: 20 + readinessProbe: + timeoutSeconds: 20 + # Required when using Mac M1 - https://github.com/bitnami/containers/issues/40947#issuecomment-1968364385 + # extraEnvVars: + # - name: EXPERIMENTAL_DOCKER_DESKTOP_FORCE_QEMU + # value: "1" + enabled: true # to check if mongodb is enabled + auth: + enabled: true + rootUser: "root" + rootPassword: "1234" + # -- existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) + existingSecret: "" + architecture: replicaset + replicaCount: 3 + persistence: + enabled: true + volumePermissions: + enabled: true + metrics: + enabled: false + prometheusRule: + enabled: false + # Required when using Mac M1 - https://github.com/bitnami/containers/issues/40947#issuecomment-1968364385 + # arbiter: + # extraEnvVars: + # - name: EXPERIMENTAL_DOCKER_DESKTOP_FORCE_QEMU + # value: "1" 
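Review bot: This values file carries working credentials in clear text, `ADMIN_PASSWORD: "litmus"` under `adminConfig` and `rootPassword: "1234"` under `mongodb.auth`, next to `allowedOrigins: ".*"` and `internalTLS.enabled: false`, and it lives inside `charts/litmus/`, so it will presumably ship in the packaged chart unless `.helmignore` excludes it. The same `adminConfig` and `allowedOrigins` values are repeated in values-local-3-18-0.yaml and values-local-3-19-0.yaml. I would leave the passwords empty and point `existingSecret` / `mongodb.auth.existingSecret` at a pre-created Secret, narrow `allowedOrigins` to the route host using the pattern style shown in the comment above it, and replace the header `# Default values for litmus.` with a comment stating that this is a local OpenShift test override that must not be used as-is on a shared cluster.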
diff --git a/charts/litmus/values-local-3-18-0.yaml b/charts/litmus/values-local-3-18-0.yaml
new file mode 100644
index 00000000..06f6b180
--- /dev/null
+++ b/charts/litmus/values-local-3-18-0.yaml
@@ -0,0 +1,395 @@ +# Default values for litmus. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +nameOverride: "" + +# -- Additional annotations +customPodAnnotations: {} +# -- Additional labels +customLabels: {} +# my.company.com/concourse-cd: 2 + +# -- Use existing secret (e.g., External Secrets) +existingSecret: "" + +# eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? +allowedOrigins: ".*" + +adminConfig: + VERSION: "3.18.0" + SKIP_SSL_VERIFY: "false" + # -- leave empty if uses Mongo DB deployed by this chart + DBPASSWORD: "" + DBUSER: "" + DB_SERVER: "" + DB_PORT: "" + ADMIN_USERNAME: "admin" + ADMIN_PASSWORD: "litmus" + +image: + imageRegistryName: litmuschaos.docker.scarf.sh/litmuschaos + # Optional pod imagePullSecrets + imagePullSecrets: [] + +internalTLS: + # If internal TLS enabled + enabled: false + # enable strong ssl ciphers (default: false) + strong_ssl_ciphers: false + # There are three ways to provide tls + # 1) "auto" will generate cert automatically + # 2) "manual" need provide cert file manually in following value + # 3) "secret" internal certificates from secret + certSource: "auto" + # The content of trust ca, only available when `certSource` is "manual" + trustCa: "" + # Path on which the certs & keys will be mounted across all components + certMountPath: "/etc/tls" + # web related cert configuration + web: + # secret name for web's tls certs + secretName: "" + # Content of web's TLS cert file, only available when `certSource` is "manual" + crt: "" + # Content of web's TLS key file, only available when `certSource` is "manual" + key: "" + # graph-server related cert configuration + graphqlServer: + # secret name for graph-server's tls certs + secretName: "" + # Content of graphqlServer's TLS key file, only available when `certSource` is "manual" + crt: "" + # Content of graphqlServer's TLS key file, only available when `certSource` is "manual" 
+ key: "" + # auth-server related cert configuration + authServer: + # secret name for auth-server's tls certs + secretName: "" + # Content of auth-server's TLS key file, only available when `certSource` is "manual" + crt: "" + # Content of auth-server's TLS key file, only available when `certSource` is "manual" + key: "" + +ingress: + enabled: false + name: litmus-ingress + annotations: + ingress.kubernetes.io/ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + # kubernetes.io/tls-acme: "true" + # nginx.ingress.kubernetes.io/rewrite-target: /$1 + + ingressClassName: "" + host: + # -- This is ingress hostname (ex: my-domain.com) + name: "" + frontend: + # -- You may need adapt the path depending your ingress-controller + path: / + # -- Allow to set [pathType](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) for the frontend path + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: [] + +proxy: + httpProxy: + httpsProxy: + noProxy: + components: + - auth-server + - gql-server + +portal: + frontend: + replicas: 1 + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 3 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + updateStrategy: {} + ## Strategy for deployment updates. + ## + ## Example: + ## + ## strategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 1 + ## maxUnavailable: 25% + automountServiceAccountToken: false + # securityContext: + # runAsUser: 2000 + # allowPrivilegeEscalation: false + # runAsNonRoot: true + image: + repository: litmusportal-frontend + tag: 3.18.0 + pullPolicy: "Always" + containerPort: 8185 + customLabels: {} + # my.company.com/tier: "frontend" + podAnnotations: {} + + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. 
This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + requests: + memory: "150Mi" + cpu: "125m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + service: + annotations: {} + type: ClusterIP + port: 9091 + targetPort: 8185 +# NOTE: Using virtualService is not compatible with native mTLS of Litmus. +# It's recommended to use mTLS feature provided by Istio itself in such scenario. + virtualService: + enabled: false + hosts: [] + gateways: [] + pathPrefixEnabled: false + nodeSelector: {} + tolerations: [] + affinity: {} + + server: + replicas: 1 + updateStrategy: {} + ## Strategy for deployment updates. + ## + ## Example: + ## + ## strategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 1 + ## maxUnavailable: 25% + customLabels: {} + # my.company.com/tier: "backend" + waitForMongodb: + image: + repository: mongo + tag: 6 + pullPolicy: "Always" + securityContext: + {} + # runAsUser: 101 + # allowPrivilegeEscalation: false + # runAsNonRoot: true + # readOnlyRootFilesystem: true + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ requests: + memory: "150Mi" + cpu: "25m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "250m" + ephemeral-storage: "1Gi" + graphqlServer: + automountServiceAccountToken: false + volumes: + - name: gitops-storage + emptyDir: {} + - name: hub-storage + emptyDir: {} + volumeMounts: + - mountPath: /tmp/ + name: gitops-storage + - mountPath: /tmp/version + name: hub-storage + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + image: + repository: litmusportal-server + tag: 3.18.0 + pullPolicy: "Always" + ports: + - name: gql-server + containerPort: 8080 + - name: gql-rpc-server + containerPort: 8000 + service: + annotations: {} + type: ClusterIP + graphqlRestServer: + port: 9002 + targetPort: 8080 + graphqlRpcServer: + port: 8000 + targetPort: 8000 + imageEnv: + SUBSCRIBER_IMAGE: "litmusportal-subscriber:3.18.0" + EVENT_TRACKER_IMAGE: "litmusportal-event-tracker:3.18.0" + ARGO_WORKFLOW_CONTROLLER_IMAGE: "workflow-controller:v3.3.1" + ARGO_WORKFLOW_EXECUTOR_IMAGE: "argoexec:v3.3.1" + LITMUS_CHAOS_OPERATOR_IMAGE: "chaos-operator:3.18.0" + LITMUS_CHAOS_RUNNER_IMAGE: "chaos-runner:3.18.0" + LITMUS_CHAOS_EXPORTER_IMAGE: "chaos-exporter:3.18.0" + genericEnv: + TLS_CERT_64: "" + CONTAINER_RUNTIME_EXECUTOR: "k8sapi" + DEFAULT_HUB_BRANCH_NAME: "v3.16.x" + INFRA_DEPLOYMENTS: '["app=chaos-exporter", "name=chaos-operator", "app=event-tracker", "app=workflow-controller"]' + WORKFLOW_HELPER_IMAGE_VERSION: "3.18.0" + REMOTE_HUB_MAX_SIZE: "5000000" + INFRA_COMPATIBLE_VERSIONS: '["3.18.0"]' + # Provide UI endpoint if using namespaced scope + CHAOS_CENTER_UI_ENDPOINT: "" + ENABLE_GQL_INTROSPECTION: "false" + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + requests: + memory: "250Mi" + cpu: "225m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + podAnnotations: {} + authServer: + replicas: 1 + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 3 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + automountServiceAccountToken: false + image: + repository: litmusportal-auth-server + tag: 3.18.0 + pullPolicy: "Always" + ports: + - name: auth-server + containerPort: 3000 + - name: auth-rpc-server + containerPort: 3030 + service: + annotations: {} + type: ClusterIP + authRestServer: + port: 9003 + targetPort: 3000 + authRpcServer: + port: 3030 + targetPort: 3030 + env: {} + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ requests: + memory: "250Mi" + cpu: "225m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + volumeMounts: [] + volumes: [] + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# OpenShift specific configuration +openshift: + enabled: true # default false for vanilla kubernetes + anyuid: false # # if true service account will obtain permission for using anyuid scc + sccName: litmus-chaos-scc # name of scc to be used + + # If service should be exposed using an OpenShift route + route: + enabled: true + name: litmus-portal + customLabels: {} + annotations: {} + host: "litmus-portal.apps-crc.testing" + +# -- Configure the Bitnami MongoDB subchart +# see values at https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml +mongodb: + # For some environments, mongo pings can take time to resolve + livenessProbe: + timeoutSeconds: 20 + readinessProbe: + timeoutSeconds: 20 + # Required when using Mac M1 - https://github.com/bitnami/containers/issues/40947#issuecomment-1968364385 + # extraEnvVars: + # - name: EXPERIMENTAL_DOCKER_DESKTOP_FORCE_QEMU + # value: "1" + enabled: true + auth: + enabled: true + rootUser: "root" + rootPassword: "1234" + # -- existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) + existingSecret: "" + architecture: replicaset + replicaCount: 3 + persistence: + enabled: true + volumePermissions: + enabled: true + metrics: + enabled: false + prometheusRule: + enabled: false + # Required when using Mac M1 - https://github.com/bitnami/containers/issues/40947#issuecomment-1968364385 + # arbiter: + # extraEnvVars: + # - name: EXPERIMENTAL_DOCKER_DESKTOP_FORCE_QEMU + # value: "1" diff --git a/charts/litmus/values-local-3-19-0.yaml b/charts/litmus/values-local-3-19-0.yaml new file mode 100644 index 00000000..3410b44f --- /dev/null 
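Review bot: `DEFAULT_HUB_BRANCH_NAME: "v3.16.x"` under `genericEnv` does not match the `3.18.0` used for every other version field in this file and looks like a leftover from the 3.16 copy; confirm which hub branch 3.18 should track, and add a comment if the older branch is intentional. `openshift.route.host: "litmus-portal.apps-crc.testing"` is a CRC-local hostname, and the README.md table in this commit lists the same value as the chart default where `""` was documented before, so it appears to have reached `values.yaml` as well. A chart default should stay `""` so that a Route is not created for a hostname the installer does not control; keep the CRC host only in this local file with a comment such as `# CRC test cluster only`.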
+++ b/charts/litmus/values-local-3-19-0.yaml 
@@ -0,0 +1,395 @@ +# Default values for litmus. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +nameOverride: "" + +# -- Additional annotations +customPodAnnotations: {} +# -- Additional labels +customLabels: {} +# my.company.com/concourse-cd: 2 + +# -- Use existing secret (e.g., External Secrets) +existingSecret: "" + +# eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? +allowedOrigins: ".*" + +adminConfig: + VERSION: "3.19.0" + SKIP_SSL_VERIFY: "false" + # -- leave empty if uses Mongo DB deployed by this chart + DBPASSWORD: "" + DBUSER: "" + DB_SERVER: "" + DB_PORT: "" + ADMIN_USERNAME: "admin" + ADMIN_PASSWORD: "litmus" + +image: + imageRegistryName: litmuschaos.docker.scarf.sh/litmuschaos + # Optional pod imagePullSecrets + imagePullSecrets: [] + +internalTLS: + # If internal TLS enabled + enabled: false + # enable strong ssl ciphers (default: false) + strong_ssl_ciphers: false + # There are three ways to provide tls + # 1) "auto" will generate cert automatically + # 2) "manual" need provide cert file manually in following value + # 3) "secret" internal certificates from secret + certSource: "auto" + # The content of trust ca, only available when `certSource` is "manual" + trustCa: "" + # Path on which the certs & keys will be mounted across all components + certMountPath: "/etc/tls" + # web related cert configuration + web: + # secret name for web's tls certs + secretName: "" + # Content of web's TLS cert file, only available when `certSource` is "manual" + crt: "" + # Content of web's TLS key file, only available when `certSource` is "manual" + key: "" + # graph-server related cert configuration + graphqlServer: + # secret name for graph-server's tls certs + secretName: "" + # Content of graphqlServer's TLS key file, only available when `certSource` is "manual" + crt: "" + # Content of graphqlServer's TLS key file, only available when `certSource` is "manual" 
+ key: "" + # auth-server related cert configuration + authServer: + # secret name for auth-server's tls certs + secretName: "" + # Content of auth-server's TLS key file, only available when `certSource` is "manual" + crt: "" + # Content of auth-server's TLS key file, only available when `certSource` is "manual" + key: "" + +ingress: + enabled: false + name: litmus-ingress + annotations: + ingress.kubernetes.io/ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + # kubernetes.io/tls-acme: "true" + # nginx.ingress.kubernetes.io/rewrite-target: /$1 + + ingressClassName: "" + host: + # -- This is ingress hostname (ex: my-domain.com) + name: "" + frontend: + # -- You may need adapt the path depending your ingress-controller + path: / + # -- Allow to set [pathType](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) for the frontend path + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: [] + +proxy: + httpProxy: + httpsProxy: + noProxy: + components: + - auth-server + - gql-server + +portal: + frontend: + replicas: 1 + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 3 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + updateStrategy: {} + ## Strategy for deployment updates. + ## + ## Example: + ## + ## strategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 1 + ## maxUnavailable: 25% + automountServiceAccountToken: false + # securityContext: + # runAsUser: 2000 + # allowPrivilegeEscalation: false + # runAsNonRoot: true + image: + repository: litmusportal-frontend + tag: 3.19.0 + pullPolicy: "Always" + containerPort: 8185 + customLabels: {} + # my.company.com/tier: "frontend" + podAnnotations: {} + + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. 
This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + requests: + memory: "150Mi" + cpu: "125m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + service: + annotations: {} + type: ClusterIP + port: 9091 + targetPort: 8185 +# NOTE: Using virtualService is not compatible with native mTLS of Litmus. +# It's recommended to use mTLS feature provided by Istio itself in such scenario. + virtualService: + enabled: false + hosts: [] + gateways: [] + pathPrefixEnabled: false + nodeSelector: {} + tolerations: [] + affinity: {} + + server: + replicas: 1 + updateStrategy: {} + ## Strategy for deployment updates. + ## + ## Example: + ## + ## strategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 1 + ## maxUnavailable: 25% + customLabels: {} + # my.company.com/tier: "backend" + waitForMongodb: + image: + repository: mongo + tag: 6 + pullPolicy: "Always" + securityContext: + {} + # runAsUser: 101 + # allowPrivilegeEscalation: false + # runAsNonRoot: true + # readOnlyRootFilesystem: true + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ requests: + memory: "150Mi" + cpu: "25m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "250m" + ephemeral-storage: "1Gi" + graphqlServer: + automountServiceAccountToken: false + volumes: + - name: gitops-storage + emptyDir: {} + - name: hub-storage + emptyDir: {} + volumeMounts: + - mountPath: /tmp/ + name: gitops-storage + - mountPath: /tmp/version + name: hub-storage + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + image: + repository: litmusportal-server + tag: 3.19.0 + pullPolicy: "Always" + ports: + - name: gql-server + containerPort: 8080 + - name: gql-rpc-server + containerPort: 8000 + service: + annotations: {} + type: ClusterIP + graphqlRestServer: + port: 9002 + targetPort: 8080 + graphqlRpcServer: + port: 8000 + targetPort: 8000 + imageEnv: + SUBSCRIBER_IMAGE: "litmusportal-subscriber:3.19.0" + EVENT_TRACKER_IMAGE: "litmusportal-event-tracker:3.19.0" + ARGO_WORKFLOW_CONTROLLER_IMAGE: "workflow-controller:v3.3.1" + ARGO_WORKFLOW_EXECUTOR_IMAGE: "argoexec:v3.3.1" + LITMUS_CHAOS_OPERATOR_IMAGE: "chaos-operator:3.19.0" + LITMUS_CHAOS_RUNNER_IMAGE: "chaos-runner:3.19.0" + LITMUS_CHAOS_EXPORTER_IMAGE: "chaos-exporter:3.19.0" + genericEnv: + TLS_CERT_64: "" + CONTAINER_RUNTIME_EXECUTOR: "k8sapi" + DEFAULT_HUB_BRANCH_NAME: "v3.16.x" + INFRA_DEPLOYMENTS: '["app=chaos-exporter", "name=chaos-operator", "app=event-tracker", "app=workflow-controller"]' + WORKFLOW_HELPER_IMAGE_VERSION: "3.19.0" + REMOTE_HUB_MAX_SIZE: "5000000" + INFRA_COMPATIBLE_VERSIONS: '["3.19.0"]' + # Provide UI endpoint if using namespaced scope + CHAOS_CENTER_UI_ENDPOINT: "" + ENABLE_GQL_INTROSPECTION: "false" + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + requests: + memory: "250Mi" + cpu: "225m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + podAnnotations: {} + authServer: + replicas: 1 + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 3 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + automountServiceAccountToken: false + image: + repository: litmusportal-auth-server + tag: 3.19.0 + pullPolicy: "Always" + ports: + - name: auth-server + containerPort: 3000 + - name: auth-rpc-server + containerPort: 3030 + service: + annotations: {} + type: ClusterIP + authRestServer: + port: 9003 + targetPort: 3000 + authRpcServer: + port: 3030 + targetPort: 3030 + env: {} + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ requests: + memory: "250Mi" + cpu: "225m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + volumeMounts: [] + volumes: [] + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# OpenShift specific configuration +openshift: + enabled: false # default false for vanilla kubernetes + anyuid: false # # if true service account will obtain permission for using anyuid scc + sccName: litmus-chaos-scc # name of scc to be used + + # If service should be exposed using an OpenShift route + route: + enabled: false + name: litmus-portal + customLabels: {} + annotations: {} + host: "litmus-portal.apps-crc.testing" + +# -- Configure the Bitnami MongoDB subchart +# see values at https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml +mongodb: + # For some environments, mongo pings can take time to resolve + livenessProbe: + timeoutSeconds: 20 + readinessProbe: + timeoutSeconds: 20 + # Required when using Mac M1 - https://github.com/bitnami/containers/issues/40947#issuecomment-1968364385 + # extraEnvVars: + # - name: EXPERIMENTAL_DOCKER_DESKTOP_FORCE_QEMU + # value: "1" + enabled: true + auth: + enabled: true + rootUser: "root" + rootPassword: "1234" + # -- existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) + existingSecret: "" + architecture: replicaset + replicaCount: 3 + persistence: + enabled: true + volumePermissions: + enabled: true + metrics: + enabled: false + prometheusRule: + enabled: false + # Required when using Mac M1 - https://github.com/bitnami/containers/issues/40947#issuecomment-1968364385 + # arbiter: + # extraEnvVars: + # - name: EXPERIMENTAL_DOCKER_DESKTOP_FORCE_QEMU + # value: "1" diff --git a/charts/litmus/values.yaml b/charts/litmus/values.yaml index 0868eeab..660c952f 100644 --- a/charts/litmus/values.yaml +++ b/charts/litmus/values.yaml 
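Review bot: This new values file commits working credentials in plain text, `ADMIN_PASSWORD: "litmus"` under `adminConfig` and `rootPassword: "1234"` under `mongodb.auth`, alongside `allowedOrigins: ".*"`, which matches every origin. Even in a file named as local, these values end up in the repository history and in any release rendered from it, with `mongodb.enabled: true` and `auth.enabled: true`. I would drop both passwords from the file and supply them through the `existingSecret` and `mongodb.auth.existingSecret` keys the file already exposes (assuming the chart templates honour them for the admin account as well), and narrow `allowedOrigins` to a pattern like the one in the comment above it. The preceding values file in this diff, whose tail is visible just before this one, carries the same `rootPassword: "1234"`. Separately, `DEFAULT_HUB_BRANCH_NAME: "v3.16.x"` sits next to 3.19.0 image tags and is worth confirming as intentional.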
@@ -347,13 +347,17 @@ portal: # OpenShift specific configuration openshift: + enabled: false # default false for vanilla kubernetes + anyuid: false # # if true service account will obtain permission for using anyuid scc + sccName: litmus-chaos-scc # name of scc to be used + # If service should be exposed using an OpenShift route route: enabled: false name: litmus-portal customLabels: {} annotations: {} - host: "" + host: "litmus-portal.apps-crc.testing" # -- Configure the Bitnami MongoDB subchart # see values at https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml
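Review bot: The route `host` default in the chart-wide `values.yaml` changes from `""` to `"litmus-portal.apps-crc.testing"`, which looks like a hostname from a local test cluster rather than a value every consumer should inherit. It is inert while `route.enabled: false`, but anyone who enables the route without overriding `host` would publish the portal under a name they do not own. I would keep `host: ""` here and set the test hostname only in the local values files. The new `anyuid` comment has a doubled marker (`# #`); something like `anyuid: false # if true, the service account is granted the anyuid SCC; keep false unless an image needs a fixed UID` reads more clearly and records why the default should stay off.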