Skip to content

Instantly share code, notes, and snippets.

@AlperRehaYAZGAN

AlperRehaYAZGAN/litmus-2.12.0.yaml

Last active September 21, 2022 14:15
Show Gist options
  • Save AlperRehaYAZGAN/afb1c6efa341695e904dd08e0092902d to your computer and use it in GitHub Desktop.
Save AlperRehaYAZGAN/afb1c6efa341695e904dd08e0092902d to your computer and use it in GitHub Desktop.
Download ZIP
litmus/2.12.0/litmus-2.12.0.yaml modified for bulutbilisimciler.com scenario.
Raw
litmus-2.12.0.yaml
### RBAC Manifests
## If SELF_AGENT="true" then these permissions are required to apply
## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/1b_argo_rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-cr-for-litmusportal-server
rules:
- apiGroups: [""]
resources: [pods, pods/exec]
verbs: [create, get, list, watch, update, patch, delete]
- apiGroups: [""]
resources: [configmaps]
verbs: [get, watch, list]
- apiGroups: [""]
resources: [persistentvolumeclaims]
verbs: [create, delete]
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers]
verbs: [get, list, watch, update, patch, delete, create]
- apiGroups: [argoproj.io]
resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, workflowtasksets]
verbs: [get, list, watch]
- apiGroups: [argoproj.io]
resources: [workflowtaskresults]
verbs: [list, watch, deletecollection]
- apiGroups: [""]
resources: [serviceaccounts]
verbs: [get, list]
- apiGroups: [argoproj.io]
resources: [cronworkflows, cronworkflows/finalizers]
verbs: [get, list, watch, update, patch, delete]
- apiGroups: [""]
resources: [events]
verbs: [create, patch]
- apiGroups: [policy]
resources: [poddisruptionbudgets]
verbs: [create, get, delete]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-cr-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: litmus-cluster-scope-for-litmusportal-server
labels:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: 2.13.0
app.kubernetes.io/component: operator-clusterrole
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
name: litmus-cluster-scope-for-litmusportal-server
rules:
- apiGroups: [""]
resources: [replicationcontrollers, secrets]
verbs: [get, list]
- apiGroups: [apps.openshift.io]
resources: [deploymentconfigs]
verbs: [get, list]
- apiGroups: [apps]
resources: [deployments, daemonsets, replicasets, statefulsets]
verbs: [get, list]
- apiGroups: [batch]
resources: [jobs]
verbs: [get, list, deletecollection]
- apiGroups: [argoproj.io]
resources: [rollouts]
verbs: [get, list]
- apiGroups: [""]
resources: [pods, configmaps, events, services]
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosexperiments, chaosresults]
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
- apiGroups: [apiextensions.k8s.io]
resources: [customresourcedefinitions]
verbs: [list, get]
- apiGroups: ["litmuschaos.io"]
resources: ["chaosengines/finalizers"]
verbs: ["update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: litmus-cluster-scope-crb-for-litmusportal-server
labels:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: 2.13.0
app.kubernetes.io/component: operator-clusterrolebinding
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
name: litmus-cluster-scope-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: litmus-cluster-scope-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: litmus-admin-cr-for-litmusportal-server
labels:
name: litmus-admin-cr-for-litmusportal-server
rules:
# ***************************************************************************************
# Permissions needed for preparing and monitor the chaos resources by chaos-runner
# ***************************************************************************************
# The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
## .. by creating the chaos-runner
# for creating and monitoring the chaos-runner pods
- apiGroups: [""]
resources: [pods,events]
verbs: [create, delete, get, list, patch, update, deletecollection]
# for fetching configmaps and secrets to inject into chaos-runner pod (if spefied)
- apiGroups: [""]
resources: [secrets, configmaps]
verbs: [get, list]
# for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list, watch]
# for configuring and monitor the experiment job by chaos-runner pod
- apiGroups: [batch]
resources: [jobs]
verbs: [create, list, get, delete, deletecollection]
# ********************************************************************
# Permissions needed for creation and discovery of chaos experiments
# ********************************************************************
# The helper pods are created by experiment to perform the actual chaos injection ...
# ... for a period of chaos duration
# for creating and deleting the helper or target app pod and events by experiment
- apiGroups: [""]
resources: [pods]
verbs: [create, delete, deletecollection]
# for creating and monitoring the events for chaos operations
- apiGroups: [""]
resources: [events]
verbs: [create, delete, get, list, patch, update, deletecollection]
# for monitoring the helper and target app pod
- apiGroups: [""]
resources: [pods]
verbs: [get, list, patch, update]
# for creating and managing to execute comands inside target container
- apiGroups: [""]
resources: [pods/exec, pods/eviction, replicationcontrollers]
verbs: [get,list,create]
# for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list, watch]
# for creating and monitoring liveness services or monitoring target app services during chaos injection
- apiGroups: [""]
resources: [services]
verbs: [create, delete, get, list, delete, deletecollection]
# for checking the app parent resources as deployments or sts and are eligible chaos candidates
- apiGroups: [apps]
resources: [deployments, statefulsets]
verbs: [list, get, patch, update, create, delete]
# for checking the app parent resources as replicasets and are eligible chaos candidates
- apiGroups: [apps]
resources: [replicasets]
verbs: [list, get]
# for checking the app parent resources as deamonsets and are eligible chaos candidates
- apiGroups: [apps]
resources: [daemonsets]
verbs: [list, get, delete]
# for checking (openshift) app parent resources if they are eligible chaos candidates
- apiGroups: [apps.openshift.io]
resources: [deploymentconfigs]
verbs: [list, get]
# for checking (argo) app parent resources if they are eligible chaos candidates
- apiGroups: [argoproj.io]
resources: [rollouts]
verbs: [list, get]
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosexperiments, chaosresults]
verbs: [create, list, get, patch, update, delete]
# for experiment to perform node status checks and other node level operations like taint, drain in the experiment.
- apiGroups: [""]
resources: [nodes]
verbs: [patch, get, list, update]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: litmus-admin-crb-for-litmusportal-server
labels:
name: litmus-admin-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: litmus-admin-cr-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: chaos-cr-for-litmusportal-server
rules:
# for managing the pods created by workflow controller to implement individual steps in the workflow
- apiGroups: [""]
resources: [pods, services, namespaces]
verbs: [create, get, watch, patch, delete, list]
# for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
- apiGroups: [""]
resources: [pods/log, secrets, configmaps]
verbs: [get, watch, create, delete, patch]
# for creation & deletion of application in predefined workflows
- apiGroups: [apps]
resources: [deployments, statefulsets]
verbs: [get, watch, patch, create, delete]
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules]
verbs: [create, list, get, patch, delete, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: chaos-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: chaos-cr-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: subscriber-cr-for-litmusportal-server
namespace: litmus
labels:
name: subscriber-cr-for-litmusportal-server
rules:
- apiGroups: [""]
resources: [configmaps, secrets]
verbs: [get, create, delete, update]
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list, watch]
- apiGroups: [""]
resources: [pods, namespaces, nodes, services]
verbs: [get, list, watch]
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosschedules, chaosresults]
verbs: [get, list, create, delete, update, watch]
- apiGroups: [apps.openshift.io]
resources: [deploymentconfigs]
verbs: [get, list]
- apiGroups: [apps]
resources: [deployments, daemonsets, replicasets, statefulsets]
verbs: [get, list, delete]
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts]
verbs: [get, list, create, delete, update, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: subscriber-crb-for-litmusportal-server
namespace: litmus
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
roleRef:
kind: ClusterRole
name: subscriber-cr-for-litmusportal-server
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: event-tracker-cr-for-litmusportal-server
rules:
- apiGroups: [eventtracker.litmuschaos.io]
resources: [eventtrackerpolies]
verbs: [create, delete, get, list, patch, update, watch]
- apiGroups: [eventtracker.litmuschaos.io]
resources: [eventtrackerpolies/status]
verbs: [get, patch, update]
- apiGroups: ["", extensions, apps]
resources: [deployments, daemonsets, statefulsets, pods, configmaps, secrets]
verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: event-tracker-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: event-tracker-cr-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
# litmus-server-cr is used by the litmusportal-server
# If SELF_AGENT=false, then only litmus-server-cr and litmus-server-crb are required.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: litmus-server-cr
rules:
- apiGroups: [networking.k8s.io, extensions]
resources: [ingresses]
verbs: [get]
- apiGroups: [""]
resources: [services, nodes, pods/log]
verbs: [get, watch]
- apiGroups: [apiextensions.k8s.io]
resources: [customresourcedefinitions]
verbs: [create]
- apiGroups: [apps]
resources: [deployments]
verbs: [create]
- apiGroups: [""]
resources: [configmaps]
verbs: [get]
- apiGroups: [""]
resources: [serviceaccounts]
verbs: [create]
- apiGroups: [rbac.authorization.k8s.io]
resources: [rolebindings, roles, clusterrolebindings, clusterroles]
verbs: [create]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: litmus-server-crb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: litmus-server-cr
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
## Control plane manifests
---
apiVersion: v1
kind: Namespace
metadata:
name: litmus
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: litmus-server-account
namespace: litmus
---
apiVersion: v1
kind: Secret
metadata:
name: litmus-portal-admin-secret
namespace: litmus
stringData:
JWT_SECRET: "litmus-portal@123"
DB_USER: "admin"
DB_PASSWORD: "1234"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: litmus-portal-admin-config
namespace: litmus
data:
DB_SERVER: "mongodb://mongo-service:27017"
AGENT_SCOPE: cluster
AGENT_NAMESPACE: litmus
VERSION: "2.13.0"
SKIP_SSL_VERIFY: "false"
# Configurations if you are using dex for OAuth
DEX_ENABLED: "false"
OIDC_ISSUER: "http://<Your Domain>:32000"
DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback"
DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
OAuthJwtSecret: "litmus-oauth@123"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: litmusportal-frontend-nginx-configuration
namespace: litmus
data:
default.conf: |
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 8080;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_http_version 1.1;
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri /index.html;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
location /auth/ {
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass "http://litmusportal-auth-server-service:9003/";
}
location /api/ {
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass "http://litmusportal-server-service:9002/";
}
location /ws/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass "http://litmusportal-server-service:9002/";
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litmusportal-frontend
namespace: litmus
labels:
component: litmusportal-frontend
spec:
replicas: 1
selector:
matchLabels:
component: litmusportal-frontend
template:
metadata:
labels:
component: litmusportal-frontend
spec:
automountServiceAccountToken: false
containers:
- name: litmusportal-frontend
image: litmuschaos/litmusportal-frontend:2.13.0
imagePullPolicy: Always
securityContext:
runAsUser: 2000
allowPrivilegeEscalation: false
runAsNonRoot: true
ports:
- containerPort: 8080
resources:
requests:
memory: "150Mi"
cpu: "125m"
ephemeral-storage: "500Mi"
limits:
memory: "512Mi"
cpu: "550m"
ephemeral-storage: "1Gi"
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
volumes:
- name: nginx-config
configMap:
name: litmusportal-frontend-nginx-configuration
---
apiVersion: v1
kind: Service
metadata:
name: litmusportal-frontend-service
namespace: litmus
spec:
type: NodePort
ports:
- name: http
port: 9091
targetPort: 8080
selector:
component: litmusportal-frontend
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litmusportal-server
namespace: litmus
labels:
component: litmusportal-server
spec:
replicas: 1
selector:
matchLabels:
component: litmusportal-server
template:
metadata:
labels:
component: litmusportal-server
spec:
initContainers:
- name: wait-for-mongodb
image: litmuschaos/curl:2.12.0
command: ["/bin/sh", "-c"]
args:
[
"while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
]
resources:
requests:
memory: "150Mi"
cpu: "25m"
ephemeral-storage: "500Mi"
limits:
memory: "512Mi"
cpu: "250m"
ephemeral-storage: "1Gi"
volumes:
- name: gitops-storage
emptyDir: {}
- name: hub-storage
emptyDir: {}
containers:
- name: graphql-server
image: litmuschaos/litmusportal-server:2.13.0
volumeMounts:
- mountPath: /tmp/
name: gitops-storage
- mountPath: /tmp/version
name: hub-storage
securityContext:
runAsUser: 2000
allowPrivilegeEscalation: false
runAsNonRoot: true
readOnlyRootFilesystem: true
envFrom:
- configMapRef:
name: litmus-portal-admin-config
- secretRef:
name: litmus-portal-admin-secret
env:
- name: SELF_AGENT
value: "true"
# if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication
- name: TLS_SECRET_NAME
value: ""
- name: LITMUS_PORTAL_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CHAOS_CENTER_SCOPE
value: "cluster"
- name: SUBSCRIBER_IMAGE
value: "litmuschaos/litmusportal-subscriber:2.13.0"
- name: EVENT_TRACKER_IMAGE
value: "litmuschaos/litmusportal-event-tracker:2.13.0"
- name: ARGO_WORKFLOW_CONTROLLER_IMAGE
value: "litmuschaos/workflow-controller:v3.3.1"
- name: ARGO_WORKFLOW_EXECUTOR_IMAGE
value: "litmuschaos/argoexec:v3.3.1"
- name: LITMUS_CHAOS_OPERATOR_IMAGE
value: "litmuschaos/chaos-operator:2.12.0"
- name: LITMUS_CHAOS_RUNNER_IMAGE
value: "litmuschaos/chaos-runner:2.12.0"
- name: LITMUS_CHAOS_EXPORTER_IMAGE
value: "litmuschaos/chaos-exporter:2.12.0"
- name: SERVER_SERVICE_NAME
value: "litmusportal-server-service"
- name: AGENT_DEPLOYMENTS
value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: SELF_AGENT_NODE_SELECTOR
value: ""
- name: SELF_AGENT_TOLERATIONS
value: ""
- name: CHAOS_CENTER_UI_ENDPOINT
value: ""
- name: INGRESS
value: "false"
- name: INGRESS_NAME
value: "litmus-ingress"
- name: CONTAINER_RUNTIME_EXECUTOR
value: "k8sapi"
- name: HUB_BRANCH_NAME
value: "v2.12.x"
- name: LITMUS_AUTH_GRPC_ENDPOINT
value: "litmusportal-auth-server-service.litmus.svc.cluster.local"
- name: LITMUS_AUTH_GRPC_PORT
value: ":3030"
- name: WORKFLOW_HELPER_IMAGE_VERSION
value: "2.12.0"
- name: REMOTE_HUB_MAX_SIZE
value: "5000000"
ports:
- containerPort: 8080
- containerPort: 8000
imagePullPolicy: Always
resources:
requests:
memory: "250Mi"
cpu: "225m"
ephemeral-storage: "500Mi"
limits:
memory: "712Mi"
cpu: "550m"
ephemeral-storage: "1Gi"
serviceAccountName: litmus-server-account
---
apiVersion: v1
kind: Service
metadata:
name: litmusportal-server-service
namespace: litmus
spec:
type: NodePort
ports:
- name: graphql-server
port: 9002
targetPort: 8080
- name: graphql-rpc-server
port: 8000
targetPort: 8000
selector:
component: litmusportal-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litmusportal-auth-server
namespace: litmus
labels:
component: litmusportal-auth-server
spec:
replicas: 1
selector:
matchLabels:
component: litmusportal-auth-server
template:
metadata:
labels:
component: litmusportal-auth-server
spec:
automountServiceAccountToken: false
initContainers:
- name: wait-for-mongodb
image: litmuschaos/curl:2.12.0
command: ["/bin/sh", "-c"]
args:
[
"while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
]
resources:
requests:
memory: "150Mi"
cpu: "25m"
ephemeral-storage: "500Mi"
limits:
memory: "225Mi"
cpu: "250m"
ephemeral-storage: "1Gi"
containers:
- name: auth-server
image: litmuschaos/litmusportal-auth-server:2.13.0
securityContext:
runAsUser: 2000
allowPrivilegeEscalation: false
runAsNonRoot: true
readOnlyRootFilesystem: true
envFrom:
- configMapRef:
name: litmus-portal-admin-config
- secretRef:
name: litmus-portal-admin-secret
env:
- name: STRICT_PASSWORD_POLICY
value: "false"
- name: ADMIN_USERNAME
value: "admin"
- name: ADMIN_PASSWORD
value: "litmus"
- name: LITMUS_GQL_GRPC_ENDPOINT
value: "litmusportal-server-service.litmus.svc.cluster.local"
- name: LITMUS_GQL_GRPC_PORT
value: ":8000"
resources:
requests:
memory: "250Mi"
cpu: "225m"
ephemeral-storage: "500Mi"
limits:
memory: "712Mi"
cpu: "550m"
ephemeral-storage: "1Gi"
ports:
- containerPort: 3000
- containerPort: 3030
imagePullPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: litmusportal-auth-server-service
namespace: litmus
spec:
type: NodePort
ports:
- name: auth-server
port: 9003
targetPort: 3000
- name: auth-rpc-server
port: 3030
targetPort: 3030
selector:
component: litmusportal-auth-server
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongo
namespace: litmus
labels:
app: mongo
spec:
selector:
matchLabels:
component: database
serviceName: mongo-headless-service
replicas: 1
template:
metadata:
labels:
component: database
spec:
automountServiceAccountToken: false
containers:
- name: mongo
image: litmuschaos/mongo:4.2.8
securityContext:
# runAsUser: 2000
allowPrivilegeEscalation: false
# runAsNonRoot: true
args: ["--ipv6"]
ports:
- containerPort: 27017
imagePullPolicy: Always
volumeMounts:
- name: mongo-persistent-storage
mountPath: /data/db
resources:
requests:
memory: "550Mi"
cpu: "225m"
ephemeral-storage: "1Gi"
limits:
memory: "1Gi"
cpu: "750m"
ephemeral-storage: "3Gi"
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
secretKeyRef:
name: litmus-portal-admin-secret
key: DB_USER
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: litmus-portal-admin-secret
key: DB_PASSWORD
volumeClaimTemplates:
- metadata:
name: mongo-persistent-storage
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "standard"
annotations:
volume.beta.kubernetes.io/storage-class: "standard"
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
labels:
app: mongo
name: mongo-service
namespace: litmus
spec:
ports:
- port: 27017
targetPort: 27017
selector:
component: database
---
apiVersion: v1
kind: Service
metadata:
labels:
app: mongo
name: mongo-headless-service
namespace: litmus
spec:
clusterIP: None
ports:
- port: 27017
targetPort: 27017
selector:
component: database
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment