From 085d8b1aeb9fd0225c05eabfc10f0827939c96f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Tue, 16 Apr 2024 13:51:49 +0200 Subject: [PATCH] Adding fission for real --- ...ration_mutating-webhook-configuration.yaml | 26 + ...tion_validating-webhook-configuration.yaml | 146 ++++++ .../apps_v1_Deployment_buildermgr.yaml | 86 ++++ core/fission/apps_v1_Deployment_executor.yaml | 111 +++++ .../apps_v1_Deployment_kubewatcher.yaml | 61 +++ .../apps_v1_Deployment_mqtrigger-keda.yaml | 75 +++ core/fission/apps_v1_Deployment_router.yaml | 118 +++++ .../apps_v1_Deployment_storagesvc.yaml | 97 ++++ core/fission/apps_v1_Deployment_timer.yaml | 61 +++ core/fission/apps_v1_Deployment_webhook.yaml | 48 ++ core/fission/certs.tf | 35 ++ core/fission/datas.tf | 453 ++++++++++++++++++ core/fission/index.yaml | 307 ++++++++++++ ...fission-v1-20-1-buildermgr-fission-cr.yaml | 13 + ...oleBinding_fission-v1-20-1-buildermgr.yaml | 13 + ...g_fission-v1-20-1-executor-fission-cr.yaml | 13 + ...rRoleBinding_fission-v1-20-1-executor.yaml | 13 + ...nding_fission-v1-20-1-fission-builder.yaml | 13 + ...ion-v1-20-1-fission-fetcher-websocket.yaml | 13 + ...nding_fission-v1-20-1-fission-fetcher.yaml | 13 + ...RoleBinding_fission-v1-20-1-fluentbit.yaml | 13 + ...nding_fission-v1-20-1-keda-fission-cr.yaml | 13 + ...usterRoleBinding_fission-v1-20-1-keda.yaml | 13 + ...ission-v1-20-1-kubewatcher-fission-cr.yaml | 13 + ...leBinding_fission-v1-20-1-kubewatcher.yaml | 13 + ...ing_fission-v1-20-1-router-fission-cr.yaml | 13 + ...terRoleBinding_fission-v1-20-1-router.yaml | 13 + ...fission-v1-20-1-storagesvc-fission-cr.yaml | 13 + ...ding_fission-v1-20-1-timer-fission-cr.yaml | 13 + ...sterRoleBinding_fission-v1-20-1-timer.yaml | 13 + ...fission-v1-20-1-buildermgr-fission-cr.yaml | 20 + ...lusterRole_fission-v1-20-1-buildermgr.yaml | 43 ++ ...e_fission-v1-20-1-executor-fission-cr.yaml | 20 + ..._ClusterRole_fission-v1-20-1-executor.yaml | 99 ++++ ...rRole_fission-v1-20-1-fission-builder.yaml | 19 + ...ion-v1-20-1-fission-fetcher-websocket.yaml | 23 + ...rRole_fission-v1-20-1-fission-fetcher.yaml | 19 + ...ClusterRole_fission-v1-20-1-fluentbit.yaml | 14 + ...rRole_fission-v1-20-1-keda-fission-cr.yaml | 21 + ...o_v1_ClusterRole_fission-v1-20-1-keda.yaml | 99 ++++ ...ission-v1-20-1-kubewatcher-fission-cr.yaml | 21 + ...usterRole_fission-v1-20-1-kubewatcher.yaml | 35 ++ ...ole_fission-v1-20-1-router-fission-cr.yaml | 21 + ...v1_ClusterRole_fission-v1-20-1-router.yaml | 26 + ...fission-v1-20-1-storagesvc-fission-cr.yaml | 13 + ...Role_fission-v1-20-1-timer-fission-cr.yaml | 21 + ..._v1_ClusterRole_fission-v1-20-1-timer.yaml | 6 + core/fission/ressources_no_ns.tf | 45 ++ core/fission/v1_ConfigMap_feature-config.yaml | 8 + ...istentVolumeClaim_fission-storage-pvc.yaml | 15 + .../v1_ServiceAccount_fission-builder.yaml | 6 + .../v1_ServiceAccount_fission-buildermgr.yaml | 7 + .../v1_ServiceAccount_fission-executor.yaml | 6 + .../v1_ServiceAccount_fission-fetcher.yaml | 6 + .../v1_ServiceAccount_fission-fluentbit.yaml | 6 + .../v1_ServiceAccount_fission-keda.yaml | 6 + ...v1_ServiceAccount_fission-kubewatcher.yaml | 6 + .../v1_ServiceAccount_fission-router.yaml | 6 + .../v1_ServiceAccount_fission-storagesvc.yaml | 6 + .../v1_ServiceAccount_fission-timer.yaml | 6 + .../v1_ServiceAccount_fission-webhook.yaml | 6 + core/fission/v1_Service_executor.yaml | 15 + core/fission/v1_Service_router.yaml | 16 + core/fission/v1_Service_storagesvc.yaml | 16 + core/fission/v1_Service_webhook-service.yaml | 16 + meta/addons/crds.tf | 2 +- meta/addons/fission.tf | 30 ++ meta/addons/index.yaml | 15 + workflow/tekton-pipelines/datas.tf | 14 + workflow/tekton-triggers/datas.tf | 66 ++- 70 files changed, 2672 insertions(+), 18 deletions(-) create mode 100644 core/fission/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_mutating-webhook-configuration.yaml create mode 100644 core/fission/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_validating-webhook-configuration.yaml create mode 100644 core/fission/apps_v1_Deployment_buildermgr.yaml create mode 100644 core/fission/apps_v1_Deployment_executor.yaml create mode 100644 core/fission/apps_v1_Deployment_kubewatcher.yaml create mode 100644 core/fission/apps_v1_Deployment_mqtrigger-keda.yaml create mode 100644 core/fission/apps_v1_Deployment_router.yaml create mode 100644 core/fission/apps_v1_Deployment_storagesvc.yaml create mode 100644 core/fission/apps_v1_Deployment_timer.yaml create mode 100644 core/fission/apps_v1_Deployment_webhook.yaml create mode 100644 core/fission/certs.tf create mode 100644 core/fission/datas.tf create mode 100644 core/fission/index.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-builder.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher-websocket.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fluentbit.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-storagesvc-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-builder.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher-websocket.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fluentbit.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-storagesvc-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer-fission-cr.yaml create mode 100644 core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer.yaml create mode 100644 core/fission/ressources_no_ns.tf create mode 100644 core/fission/v1_ConfigMap_feature-config.yaml create mode 100644 core/fission/v1_PersistentVolumeClaim_fission-storage-pvc.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-builder.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-buildermgr.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-executor.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-fetcher.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-fluentbit.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-keda.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-kubewatcher.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-router.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-storagesvc.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-timer.yaml create mode 100644 core/fission/v1_ServiceAccount_fission-webhook.yaml create mode 100644 core/fission/v1_Service_executor.yaml create mode 100644 core/fission/v1_Service_router.yaml create mode 100644 core/fission/v1_Service_storagesvc.yaml create mode 100644 core/fission/v1_Service_webhook-service.yaml create mode 100644 meta/addons/fission.tf diff --git a/core/fission/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_mutating-webhook-configuration.yaml b/core/fission/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_mutating-webhook-configuration.yaml new file mode 100644 index 0000000..4fa4cf3 --- /dev/null +++ b/core/fission/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_mutating-webhook-configuration.yaml @@ -0,0 +1,26 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + name: mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: fission + path: /mutate-fission-io-v1-package + failurePolicy: Fail + name: mpackage.fission.io + rules: + - apiGroups: + - fission.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - packages + sideEffects: None \ No newline at end of file diff --git a/core/fission/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_validating-webhook-configuration.yaml b/core/fission/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_validating-webhook-configuration.yaml new file mode 100644 index 0000000..6f90bb1 --- /dev/null +++ b/core/fission/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_validating-webhook-configuration.yaml @@ -0,0 +1,146 @@ +# Source: fission-all/templates/webhook-server/webhooks.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: fission + path: /validate-fission-io-v1-environment + failurePolicy: Fail + name: venvironment.fission.io + rules: + - apiGroups: + - fission.io + apiVersions: + - v1 + operations: + - CREATE + resources: + - environments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: fission + path: /validate-fission-io-v1-function + failurePolicy: Fail + name: vfunction.fission.io + rules: + - apiGroups: + - fission.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - functions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: fission + path: /validate-fission-io-v1-httptrigger + failurePolicy: Fail + name: vhttptrigger.fission.io + rules: + - apiGroups: + - fission.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - httptriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: fission + path: /validate-fission-io-v1-kuberneteswatchtrigger + failurePolicy: Fail + name: vkuberneteswatchtrigger.fission.io + rules: + - apiGroups: + - fission.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - kuberneteswatchtriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: fission + path: /validate-fission-io-v1-messagequeuetrigger + failurePolicy: Fail + name: vmessagequeuetrigger.fission.io + rules: + - apiGroups: + - fission.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - messagequeuetriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: fission + path: /validate-fission-io-v1-package + failurePolicy: Fail + name: vpackage.fission.io + rules: + - apiGroups: + - fission.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - packages + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: fission + path: /validate-fission-io-v1-timetrigger + failurePolicy: Fail + name: vtimetrigger.fission.io + rules: + - apiGroups: + - fission.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - timetriggers + sideEffects: None \ No newline at end of file diff --git a/core/fission/apps_v1_Deployment_buildermgr.yaml b/core/fission/apps_v1_Deployment_buildermgr.yaml new file mode 100644 index 0000000..6710dbd --- /dev/null +++ b/core/fission/apps_v1_Deployment_buildermgr.yaml @@ -0,0 +1,86 @@ +# Source: fission-all/templates/buildermgr/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: buildermgr + labels: + chart: "fission-all-v1.20.1" + svc: buildermgr +spec: + replicas: 1 + selector: + matchLabels: + svc: buildermgr + template: + metadata: + labels: + svc: buildermgr + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "8080" + spec: + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + containers: + - name: buildermgr + image: "ghcr.io/fission/fission-bundle:v1.20.1" + imagePullPolicy: IfNotPresent + command: ["/fission-bundle"] + args: ["--builderMgr", "--storageSvcUrl", "http://storagesvc.fission"] + env: + - name: FETCHER_IMAGE + value: "fission/fetcher:v1.20.1" + - name: FETCHER_IMAGE_PULL_POLICY + value: "IfNotPresent" + - name: BUILDER_IMAGE_PULL_POLICY + value: "IfNotPresent" + - name: ENABLE_ISTIO + value: "false" + - name: FETCHER_MINCPU + value: "10m" + - name: FETCHER_MINMEM + value: "16Mi" + - name: FETCHER_MAXCPU + value: "" + - name: FETCHER_MAXMEM + value: "" + - name: DEBUG_ENV + value: "false" + - name: PPROF_ENABLED + value: "false" + - name: HELM_RELEASE_NAME + value: "fission-v1-20-1" + - name: FISSION_BUILDER_NAMESPACE + value: "" + - name: FISSION_FUNCTION_NAMESPACE + value: "" + - name: FISSION_DEFAULT_NAMESPACE + value: "default" + - name: FISSION_RESOURCE_NAMESPACES + value: default + - name: KUBE_CLIENT_QPS + value: "200" + - name: KUBE_CLIENT_BURST + value: "500" + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: "" + - name: OTEL_EXPORTER_OTLP_INSECURE + value: "true" + - name: OTEL_TRACES_SAMPLER + value: "parentbased_traceidratio" + - name: OTEL_TRACES_SAMPLER_ARG + value: "0.1" + - name: OTEL_PROPAGATORS + value: "tracecontext,baggage" + ports: + - containerPort: 8080 + name: metrics + resources: + {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + serviceAccountName: fission-buildermgr \ No newline at end of file diff --git a/core/fission/apps_v1_Deployment_executor.yaml b/core/fission/apps_v1_Deployment_executor.yaml new file mode 100644 index 0000000..d70d8a0 --- /dev/null +++ b/core/fission/apps_v1_Deployment_executor.yaml @@ -0,0 +1,111 @@ +# Source: fission-all/templates/executor/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: executor + labels: + chart: "fission-all-v1.20.1" + svc: executor +spec: + replicas: 1 + selector: + matchLabels: + svc: executor + template: + metadata: + labels: + svc: executor + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "8080" + spec: + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + containers: + - name: executor + image: "ghcr.io/fission/fission-bundle:v1.20.1" + imagePullPolicy: IfNotPresent + command: ["/fission-bundle"] + args: ["--executorPort", "8888"] + env: + - name: FETCHER_IMAGE + value: "fission/fetcher:v1.20.1" + - name: FETCHER_IMAGE_PULL_POLICY + value: "IfNotPresent" + - name: RUNTIME_IMAGE_PULL_POLICY + value: "IfNotPresent" + - name: ADOPT_EXISTING_RESOURCES + value: "false" + - name: POD_READY_TIMEOUT + value: "300s" + - name: ENABLE_ISTIO + value: "false" + - name: FETCHER_MINCPU + value: "10m" + - name: FETCHER_MINMEM + value: "16Mi" + - name: FETCHER_MAXCPU + value: "" + - name: FETCHER_MAXMEM + value: "" + - name: DEBUG_ENV + value: "false" + - name: PPROF_ENABLED + value: "false" + - name: OBJECT_REAPER_INTERVAL + value: "5" + - name: SERVICEACCOUNT_CHECK_ENABLED + value: "true" + - name: SERVICEACCOUNT_CHECK_INTERVAL + value: "0" + - name: FISSION_BUILDER_NAMESPACE + value: "" + - name: FISSION_FUNCTION_NAMESPACE + value: "" + - name: FISSION_DEFAULT_NAMESPACE + value: "default" + - name: FISSION_RESOURCE_NAMESPACES + value: default + - name: KUBE_CLIENT_QPS + value: "200" + - name: KUBE_CLIENT_BURST + value: "500" + - name: HELM_RELEASE_NAME + value: "fission-v1-20-1" + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: "" + - name: OTEL_EXPORTER_OTLP_INSECURE + value: "true" + - name: OTEL_TRACES_SAMPLER + value: "parentbased_traceidratio" + - name: OTEL_TRACES_SAMPLER_ARG + value: "0.1" + - name: OTEL_PROPAGATORS + value: "tracecontext,baggage" + resources: + {} + readinessProbe: + httpGet: + path: "/healthz" + port: 8888 + initialDelaySeconds: 1 + periodSeconds: 1 + failureThreshold: 30 + livenessProbe: + httpGet: + path: "/healthz" + port: 8888 + initialDelaySeconds: 35 + periodSeconds: 5 + ports: + - containerPort: 8080 + name: metrics + - containerPort: 8888 + name: http + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + serviceAccountName: fission-executor \ No newline at end of file diff --git a/core/fission/apps_v1_Deployment_kubewatcher.yaml b/core/fission/apps_v1_Deployment_kubewatcher.yaml new file mode 100644 index 0000000..de1af8a --- /dev/null +++ b/core/fission/apps_v1_Deployment_kubewatcher.yaml @@ -0,0 +1,61 @@ +# Source: fission-all/templates/kubewatcher/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kubewatcher + labels: + chart: "fission-all-v1.20.1" + svc: kubewatcher +spec: + replicas: 1 + selector: + matchLabels: + svc: kubewatcher + template: + metadata: + labels: + svc: kubewatcher + spec: + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + containers: + - name: kubewatcher + image: "ghcr.io/fission/fission-bundle:v1.20.1" + imagePullPolicy: IfNotPresent + command: ["/fission-bundle"] + args: ["--kubewatcher", "--routerUrl", "http://router.fission"] + env: + - name: DEBUG_ENV + value: "false" + - name: PPROF_ENABLED + value: "false" + - name: FISSION_BUILDER_NAMESPACE + value: "" + - name: FISSION_FUNCTION_NAMESPACE + value: "" + - name: FISSION_DEFAULT_NAMESPACE + value: "default" + - name: FISSION_RESOURCE_NAMESPACES + value: default + - name: KUBE_CLIENT_QPS + value: "200" + - name: KUBE_CLIENT_BURST + value: "500" + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: "" + - name: OTEL_EXPORTER_OTLP_INSECURE + value: "true" + - name: OTEL_TRACES_SAMPLER + value: "parentbased_traceidratio" + - name: OTEL_TRACES_SAMPLER_ARG + value: "0.1" + - name: OTEL_PROPAGATORS + value: "tracecontext,baggage" + resources: + {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + serviceAccountName: fission-kubewatcher \ No newline at end of file diff --git a/core/fission/apps_v1_Deployment_mqtrigger-keda.yaml b/core/fission/apps_v1_Deployment_mqtrigger-keda.yaml new file mode 100644 index 0000000..82382a9 --- /dev/null +++ b/core/fission/apps_v1_Deployment_mqtrigger-keda.yaml @@ -0,0 +1,75 @@ +# Source: fission-all/templates/mqt-keda/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mqtrigger-keda + labels: + chart: "fission-all-v1.20.1" + svc: mqtrigger-keda + messagequeue: keda +spec: + replicas: 1 + selector: + matchLabels: + svc: mqtrigger-keda + messagequeue: keda + template: + metadata: + labels: + svc: mqtrigger-keda + messagequeue: keda + spec: + containers: + - name: mqtrigger-keda + image: "ghcr.io/fission/fission-bundle:v1.20.1" + imagePullPolicy: IfNotPresent + command: ["/fission-bundle"] + args: ["--mqt_keda", "--routerUrl", "http://router.fission"] + env: + - name: DEBUG_ENV + value: "false" + - name: CONNECTOR_IMAGE_PULL_POLICY + value: "IfNotPresent" + - name: KAFKA_IMAGE + value: "ghcr.io/fission/keda-kafka-http-connector:v0.13" + - name: RABBITMQ_IMAGE + value: "ghcr.io/fission/keda-rabbitmq-http-connector:v0.11" + - name: AWS-KINESIS-STREAM_IMAGE + value: "ghcr.io/fission/keda-aws-kinesis-http-connector:v0.11" + - name: AWS-SQS-QUEUE_IMAGE + value: "ghcr.io/fission/keda-aws-sqs-http-connector:v0.12" + - name: STAN_IMAGE + value: "ghcr.io/fission/keda-nats-streaming-http-connector:v0.14" + - name: NATS-JETSTREAM_IMAGE + value: "ghcr.io/fission/keda-nats-jetstream-http-connector:v0.5" + - name: GCP-PUBSUB_IMAGE + value: "ghcr.io/fission/keda-gcp-pubsub-http-connector:v0.7" + - name: REDIS_IMAGE + value: "ghcr.io/fission/keda-redis-http-connector:v0.4" + - name: FISSION_BUILDER_NAMESPACE + value: "" + - name: FISSION_FUNCTION_NAMESPACE + value: "" + - name: FISSION_DEFAULT_NAMESPACE + value: "default" + - name: FISSION_RESOURCE_NAMESPACES + value: default + - name: KUBE_CLIENT_QPS + value: "200" + - name: KUBE_CLIENT_BURST + value: "500" + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: "" + - name: OTEL_EXPORTER_OTLP_INSECURE + value: "true" + - name: OTEL_TRACES_SAMPLER + value: "parentbased_traceidratio" + - name: OTEL_TRACES_SAMPLER_ARG + value: "0.1" + - name: OTEL_PROPAGATORS + value: "tracecontext,baggage" + resources: + {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + serviceAccountName: fission-keda \ No newline at end of file diff --git a/core/fission/apps_v1_Deployment_router.yaml b/core/fission/apps_v1_Deployment_router.yaml new file mode 100644 index 0000000..e50d4d7 --- /dev/null +++ b/core/fission/apps_v1_Deployment_router.yaml @@ -0,0 +1,118 @@ +# Source: fission-all/templates/router/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: router + labels: + chart: "fission-all-v1.20.1" + svc: router + application: fission-router +spec: + replicas: 1 + selector: + matchLabels: + application: fission-router + svc: router + template: + metadata: + labels: + application: fission-router + svc: router + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "8080" + spec: + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + containers: + - name: router + image: "ghcr.io/fission/fission-bundle:v1.20.1" + imagePullPolicy: IfNotPresent + command: ["/fission-bundle"] + args: ["--routerPort", "8888", "--executorUrl", "http://executor.fission"] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ROUTER_ROUND_TRIP_TIMEOUT + value: "50ms" + - name: ROUTER_ROUNDTRIP_TIMEOUT_EXPONENT + value: "2" + - name: ROUTER_ROUND_TRIP_KEEP_ALIVE_TIME + value: "30s" + - name: ROUTER_ROUND_TRIP_DISABLE_KEEP_ALIVE + value: "true" + - name: ROUTER_ROUND_TRIP_MAX_RETRIES + value: "10" + - name: ROUTER_SVC_ADDRESS_MAX_RETRIES + value: "5" + - name: ROUTER_SVC_ADDRESS_UPDATE_TIMEOUT + value: "30s" + - name: ROUTER_UNTAP_SERVICE_TIMEOUT + value: "3600s" + - name: USE_ENCODED_PATH + value: "false" + - name: DEBUG_ENV + value: "false" + - name: PPROF_ENABLED + value: "false" + - name: DISPLAY_ACCESS_LOG + value: "false" + - name: FISSION_BUILDER_NAMESPACE + value: "" + - name: FISSION_FUNCTION_NAMESPACE + value: "" + - name: FISSION_DEFAULT_NAMESPACE + value: "default" + - name: FISSION_RESOURCE_NAMESPACES + value: default + - name: KUBE_CLIENT_QPS + value: "200" + - name: KUBE_CLIENT_BURST + value: "500" + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: "" + - name: OTEL_EXPORTER_OTLP_INSECURE + value: "true" + - name: OTEL_TRACES_SAMPLER + value: "parentbased_traceidratio" + - name: OTEL_TRACES_SAMPLER_ARG + value: "0.1" + - name: OTEL_PROPAGATORS + value: "tracecontext,baggage" + resources: + {} + readinessProbe: + httpGet: + path: "/router-healthz" + port: 8888 + initialDelaySeconds: 1 + periodSeconds: 1 + failureThreshold: 30 + livenessProbe: + httpGet: + path: "/router-healthz" + port: 8888 + initialDelaySeconds: 35 + periodSeconds: 5 + volumeMounts: + - name: config-volume + mountPath: /etc/config/config.yaml + subPath: config.yaml + ports: + - containerPort: 8080 + name: metrics + - containerPort: 8888 + name: http + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + serviceAccountName: fission-router + volumes: + - name: config-volume + configMap: + name: feature-config \ No newline at end of file diff --git a/core/fission/apps_v1_Deployment_storagesvc.yaml b/core/fission/apps_v1_Deployment_storagesvc.yaml new file mode 100644 index 0000000..bc04a47 --- /dev/null +++ b/core/fission/apps_v1_Deployment_storagesvc.yaml @@ -0,0 +1,97 @@ +# Source: fission-all/templates/storagesvc/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: storagesvc + labels: + chart: "fission-all-v1.20.1" + svc: storagesvc + application: fission-storage +spec: + replicas: 1 + selector: + matchLabels: + svc: storagesvc + application: fission-storage + template: + metadata: + labels: + svc: storagesvc + application: fission-storage + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "8080" + spec: + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + containers: + - name: storagesvc + image: "ghcr.io/fission/fission-bundle:v1.20.1" + imagePullPolicy: IfNotPresent + command: ["/fission-bundle"] + args: ["--storageServicePort", "8000", "--storageType", "local"] + env: + - name: PRUNE_ENABLED + value: "true" + - name: PRUNE_INTERVAL + value: "60" + - name: DEBUG_ENV + value: "false" + - name: PPROF_ENABLED + value: "false" + - name: FISSION_BUILDER_NAMESPACE + value: "" + - name: FISSION_FUNCTION_NAMESPACE + value: "" + - name: FISSION_DEFAULT_NAMESPACE + value: "default" + - name: FISSION_RESOURCE_NAMESPACES + value: default + - name: KUBE_CLIENT_QPS + value: "200" + - name: KUBE_CLIENT_BURST + value: "500" + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: "" + - name: OTEL_EXPORTER_OTLP_INSECURE + value: "true" + - name: OTEL_TRACES_SAMPLER + value: "parentbased_traceidratio" + - name: OTEL_TRACES_SAMPLER_ARG + value: "0.1" + - name: OTEL_PROPAGATORS + value: "tracecontext,baggage" + resources: + {} + volumeMounts: + - name: fission-storage + mountPath: /fission + readinessProbe: + httpGet: + path: "/healthz" + port: 8000 + initialDelaySeconds: 1 + periodSeconds: 1 + failureThreshold: 30 + livenessProbe: + httpGet: + path: "/healthz" + port: 8000 + initialDelaySeconds: 35 + periodSeconds: 5 + ports: + - containerPort: 8080 + name: metrics + - containerPort: 8000 + name: http + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + serviceAccountName: fission-storagesvc + volumes: + - name: fission-storage + persistentVolumeClaim: + claimName: fission-storage-pvc \ No newline at end of file diff --git a/core/fission/apps_v1_Deployment_timer.yaml b/core/fission/apps_v1_Deployment_timer.yaml new file mode 100644 index 0000000..a888aa8 --- /dev/null +++ b/core/fission/apps_v1_Deployment_timer.yaml @@ -0,0 +1,61 @@ +# Source: fission-all/templates/timer/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: timer + labels: + chart: "fission-all-v1.20.1" + svc: timer +spec: + replicas: 1 + selector: + matchLabels: + svc: timer + template: + metadata: + labels: + svc: timer + spec: + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + containers: + - name: timer + image: "ghcr.io/fission/fission-bundle:v1.20.1" + imagePullPolicy: IfNotPresent + command: ["/fission-bundle"] + args: ["--timer", "--routerUrl", "http://router.fission"] + env: + - name: DEBUG_ENV + value: "false" + - name: PPROF_ENABLED + value: "false" + - name: FISSION_BUILDER_NAMESPACE + value: "" + - name: FISSION_FUNCTION_NAMESPACE + value: "" + - name: FISSION_DEFAULT_NAMESPACE + value: "default" + - name: FISSION_RESOURCE_NAMESPACES + value: default + - name: KUBE_CLIENT_QPS + value: "200" + - name: KUBE_CLIENT_BURST + value: "500" + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: "" + - name: OTEL_EXPORTER_OTLP_INSECURE + value: "true" + - name: OTEL_TRACES_SAMPLER + value: "parentbased_traceidratio" + - name: OTEL_TRACES_SAMPLER_ARG + value: "0.1" + - name: OTEL_PROPAGATORS + value: "tracecontext,baggage" + resources: + {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + serviceAccountName: fission-timer \ No newline at end of file diff --git a/core/fission/apps_v1_Deployment_webhook.yaml b/core/fission/apps_v1_Deployment_webhook.yaml new file mode 100644 index 0000000..ebda825 --- /dev/null +++ b/core/fission/apps_v1_Deployment_webhook.yaml @@ -0,0 +1,48 @@ +# Source: fission-all/templates/webhook-server/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: webhook + labels: + chart: "fission-all-v1.20.1" + svc: webhook-service + application: fission-webhook +spec: + replicas: 1 + selector: + matchLabels: + svc: webhook-service + application: fission-webhook + template: + metadata: + labels: + svc: webhook-service + application: fission-webhook + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "8080" + spec: + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + containers: + - name: webhook + image: "ghcr.io/fission/fission-bundle:v1.20.1" + imagePullPolicy: IfNotPresent + command: ["/fission-bundle"] + args: ["--webhookPort", "9443"] + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: serving-certs + readOnly: true + ports: + - containerPort: 8080 + name: metrics + volumes: + - name: serving-certs + secret: + secretName: fission-webhook-certs + serviceAccountName: fission-webhook \ No newline at end of file diff --git a/core/fission/certs.tf b/core/fission/certs.tf new file mode 100644 index 0000000..c16dd3a --- /dev/null +++ b/core/fission/certs.tf @@ -0,0 +1,35 @@ +resource "kubectl_manifest" "issuer" { + yaml_body = <<-EOF + apiVersion: "cert-manager.io/v1" + kind: "Issuer" + metadata: + name: "fission-selfsigned" + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + spec: + selfSigned: {} + EOF +} +resource "kubectl_manifest" "fission-webhook-certs" { + yaml_body = <<-EOF + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: "fission-webhook-certs" + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + dnsNames: + - webhook-service + - webhook-service.${var.namespace} + - webhook-service.${var.namespace}.svc + - webhook-service.${var.namespace}.svc.cluster.local + issuerRef: + kind: Issuer + name: fission-selfsigned + secretName: fission-webhook-certs + subject: + organizationalUnits: + - fission-webhook + EOF +} diff --git a/core/fission/datas.tf b/core/fission/datas.tf new file mode 100644 index 0000000..e53ba5c --- /dev/null +++ b/core/fission/datas.tf @@ -0,0 +1,453 @@ + +locals { + common-labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/name" = var.component + "app.kubernetes.io/instance" = var.instance + } + rb_patch = <<-EOF + - op: replace + path: /subjects/0/namespace + value: "${var.namespace}" + EOF + pull_policy_patch = <<-EOF + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: "${var.images.bundle.pull_policy}" + EOF +} + +data "kustomization_overlay" "data" { + common_labels = local.common-labels + namespace = var.namespace + resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1 && length(regexall("WebhookConfiguration",file))<1] + images { + name = "ghcr.io/fission/fission-bundle" + new_name = "${var.images.bundle.registry}/${var.images.bundle.repository}" + new_tag = "${var.images.bundle.tag}" + } + + patches { + target { + kind = "Deployment" + name = "router" + } + patch = <<-EOF + - op: replace + path: /spec/template/spec/containers/0/args/3 + value: "http://executor.${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/15/value + value: "${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/16/value + value: "${var.additionnal_namespaces}" + EOF + } + patches { + target { + kind = "Deployment" + name = "storagesvc" + } + patch = <<-EOF + - op: replace + path: /spec/template/spec/containers/0/env/6/value + value: "${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/7/value + value: "${var.additionnal_namespaces}" + EOF + } + patches { + target { + kind = "Deployment" + name = "kubewatcher" + } + patch = <<-EOF + - op: replace + path: /spec/template/spec/containers/0/args/2 + value: "http://router.${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/4/value + value: "${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/5/value + value: "${var.additionnal_namespaces}" + EOF + } + patches { + target { + kind = "Deployment" + name = "timer" + } + patch = <<-EOF + - op: replace + path: /spec/template/spec/containers/0/args/2 + value: "http://router.${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/4/value + value: "${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/5/value + value: "${var.additionnal_namespaces}" + EOF + } + patches { + target { + kind = "Deployment" + name = "buildermgr" + } + patch = <<-EOF + - op: replace + path: /spec/template/spec/containers/0/args/2 + value: "http://storagesvc.${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/0/value + value: "${var.images.fetcher.registry}/${var.images.fetcher.repository}:${var.images.fetcher.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/13/value + value: "${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/14/value + value: "${var.additionnal_namespaces}" + EOF + } + patches { + target { + kind = "Deployment" + name = "executor" + } + patch = <<-EOF + - op: replace + path: /spec/template/spec/containers/0/env/0/value + value: "${var.images.fetcher.registry}/${var.images.fetcher.repository}:${var.images.fetcher.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/17/value + value: "${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/18/value + value: "${var.additionnal_namespaces}" + EOF + } + patches { + target { + kind = "Deployment" + name = "mqtrigger-keda" + } + patch = <<-EOF + - op: replace + path: /spec/template/spec/containers/0/args/2 + value: "http://router.${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/2/value + value: "${var.images.keda-kafka.registry}/${var.images.keda-kafka.repository}:${var.images.keda-kafka.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/3/value + value: "${var.images.keda-rabbitmq.registry}/${var.images.keda-rabbitmq.repository}:${var.images.keda-rabbitmq.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/4/value + value: "${var.images.keda-aws-kinesis.registry}/${var.images.keda-aws-kinesis.repository}:${var.images.keda-aws-kinesis.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/5/value + value: "${var.images.keda-aws-sqs.registry}/${var.images.keda-aws-sqs.repository}:${var.images.keda-aws-sqs.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/6/value + value: "${var.images.keda-nats-streaming.registry}/${var.images.keda-nats-streaming.repository}:${var.images.keda-nats-streaming.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/7/value + value: "${var.images.keda-nats-jetstream.registry}/${var.images.keda-nats-jetstream.repository}:${var.images.keda-nats-jetstream.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/8/value + value: "${var.images.keda-gcp-pubsub.registry}/${var.images.keda-gcp-pubsub.repository}:${var.images.keda-gcp-pubsub.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/9/value + value: "${var.images.keda-redis.registry}/${var.images.keda-redis.repository}:${var.images.keda-redis.tag}" + - op: replace + path: /spec/template/spec/containers/0/env/12/value + value: "${var.namespace}" + - op: replace + path: /spec/template/spec/containers/0/env/13/value + value: "${var.additionnal_namespaces}" + EOF + } + patches { + target { + kind = "Deployment" + name = "buildermgr" + } + patch = local.pull_policy_patch + } + patches { + target { + kind = "Deployment" + name = "executor" + } + patch = local.pull_policy_patch + } + patches { + target { + kind = "Deployment" + name = "mqtrigger-keda" + } + patch = local.pull_policy_patch + } + patches { + target { + kind = "Deployment" + name = "kubewatcher" + } + patch = local.pull_policy_patch + } + patches { + target { + kind = "Deployment" + name = "webhook" + } + patch = local.pull_policy_patch + } + patches { + target { + kind = "Deployment" + name = "timer" + } + patch = local.pull_policy_patch + } + patches { + target { + kind = "Deployment" + name = "storagesvc" + } + patch = local.pull_policy_patch + } + patches { + target { + kind = "Deployment" + name = "router" + } + patch = local.pull_policy_patch + } + + + patches { + target { + kind = "PersistentVolumeClaim" + name = "fission-storage-pvc" + } + patch = <<-EOF + kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: fission-storage-pvc + spec: + accessModes: + - "${var.storage.volume.access_mode}" + resources: + requests: + storage: "${var.storage.volume.size}" + EOF + } +} +data "kustomization_overlay" "data_no_ns" { + common_labels = local.common-labels + resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && (length(regexall("ClusterRole",file))>0 || length(regexall("WebhookConfiguration",file))>0)] + patches { + target { + kind = "ClusterRoleBinding" + name = "buildermgr" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "buildermgr-fission-cr" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "executor" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "executor-fission-cr" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "fission-builder" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "fission-fetcher" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "fission-fetcher-websocket" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "fluentbit" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "keda" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "keda-fission-cr" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "kubewatcher" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "kubewatcher-fission-cr" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "kubewatcher-fission-cr" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "router" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "router-fission-cr" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "storagesvc-fission-cr" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "timer" + } + patch = local.rb_patch + } + patches { + target { + kind = "ClusterRoleBinding" + name = "timer-fission-cr" + } + patch = local.rb_patch + } + patches { + target { + kind = "MutatingWebhookConfiguration" + name = "mutating-webhook-configuration" + } + patch = <<-EOF + - op: replace + path: /webhooks/0/clientConfig/service/namespace + value: "${var.namespace}" + EOF + } + patches { + target { + kind = "ValidatingWebhookConfiguration" + name = "validating-webhook-configuration" + } + patch = <<-EOF + - op: replace + path: /webhooks/0/clientConfig/service/namespace + value: "${var.namespace}" + - op: replace + path: /webhooks/1/clientConfig/service/namespace + value: "${var.namespace}" + - op: replace + path: /webhooks/2/clientConfig/service/namespace + value: "${var.namespace}" + - op: replace + path: /webhooks/3/clientConfig/service/namespace + value: "${var.namespace}" + - op: replace + path: /webhooks/4/clientConfig/service/namespace + value: "${var.namespace}" + - op: replace + path: /webhooks/5/clientConfig/service/namespace + value: "${var.namespace}" + - op: replace + path: /webhooks/6/clientConfig/service/namespace + value: "${var.namespace}" + EOF + } + patches { + target { + kind = "MutatingWebhookConfiguration" + name = "mutating-webhook-configuration" + } + patch = <<-EOF + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: "${var.namespace}/fission-webhook-certs" + name: mutating-webhook-configuration + EOF + } + patches { + target { + kind = "ValidatingWebhookConfiguration" + name = "validating-webhook-configuration" + } + patch = <<-EOF + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: "${var.namespace}/fission-webhook-certs" + name: validating-webhook-configuration + EOF + } +} + + diff --git a/core/fission/index.yaml b/core/fission/index.yaml new file mode 100644 index 0000000..aa14c44 --- /dev/null +++ b/core/fission/index.yaml @@ -0,0 +1,307 @@ +--- +apiVersion: vinyl.solidite.fr/v1beta1 +kind: Component +category: core +metadata: + name: fission + description: null +options: + additionnal_namespaces: + default: default,vynil-monitor,vynil-functions + description: list of namespaces to support functions from (coma separated) + examples: + - default,vynil-monitor,vynil-functions + type: string + images: + default: + bundle: + pull_policy: IfNotPresent + registry: ghcr.io + repository: fission/fission-bundle + tag: v1.20.1 + fetcher: + registry: docker.io + repository: fission/fetcher + tag: v1.20.1 + keda-aws-kinesis: + registry: ghcr.io + repository: fission/keda-aws-kinesis-http-connector + tag: v0.11 + keda-aws-sqs: + registry: ghcr.io + repository: fission/keda-aws-sqs-http-connector + tag: v0.12 + keda-gcp-pubsub: + registry: ghcr.io + repository: fission/keda-gcp-pubsub-http-connector + tag: v0.7 + keda-kafka: + registry: ghcr.io + repository: fission/keda-kafka-http-connector + tag: v0.13 + keda-nats-jetstream: + registry: ghcr.io + repository: fission/keda-nats-jetstream-http-connector + tag: v0.5 + keda-nats-streaming: + registry: ghcr.io + repository: fission/keda-nats-streaming-http-connector + tag: v0.14 + keda-rabbitmq: + registry: ghcr.io + repository: fission/keda-rabbitmq-http-connector + tag: v0.11 + keda-redis: + registry: ghcr.io + repository: fission/keda-redis-http-connector + tag: v0.4 + examples: + - bundle: + pull_policy: IfNotPresent + registry: ghcr.io + repository: fission/fission-bundle + tag: v1.20.1 + fetcher: + registry: docker.io + repository: fission/fetcher + tag: v1.20.1 + keda-aws-kinesis: + registry: ghcr.io + repository: fission/keda-aws-kinesis-http-connector + tag: v0.11 + keda-aws-sqs: + registry: ghcr.io + repository: fission/keda-aws-sqs-http-connector + tag: v0.12 + keda-gcp-pubsub: + registry: ghcr.io + repository: fission/keda-gcp-pubsub-http-connector + tag: v0.7 + keda-kafka: + registry: ghcr.io + repository: fission/keda-kafka-http-connector + tag: v0.13 + keda-nats-jetstream: + registry: ghcr.io + repository: fission/keda-nats-jetstream-http-connector + tag: v0.5 + keda-nats-streaming: + registry: ghcr.io + repository: fission/keda-nats-streaming-http-connector + tag: v0.14 + keda-rabbitmq: + registry: ghcr.io + repository: fission/keda-rabbitmq-http-connector + tag: v0.11 + keda-redis: + registry: ghcr.io + repository: fission/keda-redis-http-connector + tag: v0.4 + properties: + bundle: + default: + pull_policy: IfNotPresent + registry: ghcr.io + repository: fission/fission-bundle + tag: v1.20.1 + properties: + pull_policy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: ghcr.io + type: string + repository: + default: fission/fission-bundle + type: string + tag: + default: v1.20.1 + type: string + type: object + fetcher: + default: + registry: docker.io + repository: fission/fetcher + tag: v1.20.1 + properties: + registry: + default: docker.io + type: string + repository: + default: fission/fetcher + type: string + tag: + default: v1.20.1 + type: string + type: object + keda-aws-kinesis: + default: + registry: ghcr.io + repository: fission/keda-aws-kinesis-http-connector + tag: v0.11 + properties: + registry: + default: ghcr.io + type: string + repository: + default: fission/keda-aws-kinesis-http-connector + type: string + tag: + default: v0.11 + type: string + type: object + keda-aws-sqs: + default: + registry: ghcr.io + repository: fission/keda-aws-sqs-http-connector + tag: v0.12 + properties: + registry: + default: ghcr.io + type: string + repository: + default: fission/keda-aws-sqs-http-connector + type: string + tag: + default: v0.12 + type: string + type: object + keda-gcp-pubsub: + default: + registry: ghcr.io + repository: fission/keda-gcp-pubsub-http-connector + tag: v0.7 + properties: + registry: + default: ghcr.io + type: string + repository: + default: fission/keda-gcp-pubsub-http-connector + type: string + tag: + default: v0.7 + type: string + type: object + keda-kafka: + default: + registry: ghcr.io + repository: fission/keda-kafka-http-connector + tag: v0.13 + properties: + registry: + default: ghcr.io + type: string + repository: + default: fission/keda-kafka-http-connector + type: string + tag: + default: v0.13 + type: string + type: object + keda-nats-jetstream: + default: + registry: ghcr.io + repository: fission/keda-nats-jetstream-http-connector + tag: v0.5 + properties: + registry: + default: ghcr.io + type: string + repository: + default: fission/keda-nats-jetstream-http-connector + type: string + tag: + default: v0.5 + type: string + type: object + keda-nats-streaming: + default: + registry: ghcr.io + repository: fission/keda-nats-streaming-http-connector + tag: v0.14 + properties: + registry: + default: ghcr.io + type: string + repository: + default: fission/keda-nats-streaming-http-connector + type: string + tag: + default: v0.14 + type: string + type: object + keda-rabbitmq: + default: + registry: ghcr.io + repository: fission/keda-rabbitmq-http-connector + tag: v0.11 + properties: + registry: + default: ghcr.io + type: string + repository: + default: fission/keda-rabbitmq-http-connector + type: string + tag: + default: v0.11 + type: string + type: object + keda-redis: + default: + registry: ghcr.io + repository: fission/keda-redis-http-connector + tag: v0.4 + properties: + registry: + default: ghcr.io + type: string + repository: + default: fission/keda-redis-http-connector + type: string + tag: + default: v0.4 + type: string + type: object + type: object + storage: + default: + volume: + access_mode: ReadWriteOnce + size: 8Gi + description: Configure this app storage + examples: + - volume: + access_mode: ReadWriteOnce + size: 8Gi + properties: + volume: + default: + access_mode: ReadWriteOnce + size: 8Gi + properties: + access_mode: + default: ReadWriteOnce + type: string + size: + default: 8Gi + type: string + type: object + type: object +dependencies: +- dist: null + category: crd + component: fission +providers: + kubernetes: true + authentik: null + kubectl: true + postgresql: null + mysql: null + restapi: null + http: null + gitea: null +tfaddtype: null diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr-fission-cr.yaml new file mode 100644 index 0000000..c16b491 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr-fission-cr.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/buildermgr/role-fission-cr.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "buildermgr-fission-cr" +subjects: + - kind: ServiceAccount + name: "fission-buildermgr" + namespace: fission +roleRef: + kind: ClusterRole + name: "buildermgr-fission-cr" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr.yaml new file mode 100644 index 0000000..a122b96 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/buildermgr/role-kubernetes.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "buildermgr" +subjects: + - kind: ServiceAccount + name: "fission-buildermgr" + namespace: fission +roleRef: + kind: ClusterRole + name: "buildermgr" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor-fission-cr.yaml new file mode 100644 index 0000000..f212738 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor-fission-cr.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/executor/role-fission-cr.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "executor-fission-cr" +subjects: + - kind: ServiceAccount + name: "fission-executor" + namespace: fission +roleRef: + kind: ClusterRole + name: "executor-fission-cr" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor.yaml new file mode 100644 index 0000000..46e9f34 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/executor/role-kubernetes.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "executor" +subjects: + - kind: ServiceAccount + name: "fission-executor" + namespace: fission +roleRef: + kind: ClusterRole + name: "executor" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-builder.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-builder.yaml new file mode 100644 index 0000000..b23e18b --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-builder.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/misc-functions/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fission-builder +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fission-builder +subjects: + - kind: ServiceAccount + name: fission-builder + namespace: default \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher-websocket.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher-websocket.yaml new file mode 100644 index 0000000..5106f7c --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher-websocket.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/misc-functions/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fission-fetcher-websocket +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fission-fetcher-websocket +subjects: + - kind: ServiceAccount + name: fission-fetcher + namespace: default \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher.yaml new file mode 100644 index 0000000..f491004 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/misc-functions/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fission-fetcher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fission-fetcher +subjects: + - kind: ServiceAccount + name: fission-fetcher + namespace: default \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fluentbit.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fluentbit.yaml new file mode 100644 index 0000000..fe53a06 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fluentbit.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/fluentbit/role-kubernetes.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "fluentbit" +subjects: + - kind: ServiceAccount + name: "fission-fluentbit" + namespace: fission +roleRef: + kind: ClusterRole + name: "fluentbit" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda-fission-cr.yaml new file mode 100644 index 0000000..be0d53e --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda-fission-cr.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/mqt-keda/role-fission-cr.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "keda-fission-cr" +subjects: + - kind: ServiceAccount + name: "fission-keda" + namespace: fission +roleRef: + kind: ClusterRole + name: "keda-fission-cr" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda.yaml new file mode 100644 index 0000000..fb3e771 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/mqt-keda/role-kubernetes.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "keda" +subjects: + - kind: ServiceAccount + name: "fission-keda" + namespace: fission +roleRef: + kind: ClusterRole + name: "keda" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher-fission-cr.yaml new file mode 100644 index 0000000..bcc1b38 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher-fission-cr.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/kubewatcher/role-fission-cr.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "kubewatcher-fission-cr" +subjects: + - kind: ServiceAccount + name: "fission-kubewatcher" + namespace: fission +roleRef: + kind: ClusterRole + name: "kubewatcher-fission-cr" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher.yaml new file mode 100644 index 0000000..3d970a0 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/kubewatcher/role-kubernetes.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "kubewatcher" +subjects: + - kind: ServiceAccount + name: "fission-kubewatcher" + namespace: fission +roleRef: + kind: ClusterRole + name: "kubewatcher" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router-fission-cr.yaml new file mode 100644 index 0000000..b571266 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router-fission-cr.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/router/role-fission-cr.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "router-fission-cr" +subjects: + - kind: ServiceAccount + name: "fission-router" + namespace: fission +roleRef: + kind: ClusterRole + name: "router-fission-cr" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router.yaml new file mode 100644 index 0000000..954af23 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/router/role-kubernetes.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "router" +subjects: + - kind: ServiceAccount + name: "fission-router" + namespace: fission +roleRef: + kind: ClusterRole + name: "router" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-storagesvc-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-storagesvc-fission-cr.yaml new file mode 100644 index 0000000..5a97549 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-storagesvc-fission-cr.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/storagesvc/role-fission-cr.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "storagesvc-fission-cr" +subjects: + - kind: ServiceAccount + name: "fission-storagesvc" + namespace: fission +roleRef: + kind: ClusterRole + name: "storagesvc-fission-cr" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer-fission-cr.yaml new file mode 100644 index 0000000..daaed0c --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer-fission-cr.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/timer/role-fission-cr.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "timer-fission-cr" +subjects: + - kind: ServiceAccount + name: "fission-timer" + namespace: fission +roleRef: + kind: ClusterRole + name: "timer-fission-cr" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer.yaml new file mode 100644 index 0000000..a1fd971 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/timer/role-kubernetes.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "timer" +subjects: + - kind: ServiceAccount + name: "fission-timer" + namespace: fission +roleRef: + kind: ClusterRole + name: "timer" + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr-fission-cr.yaml new file mode 100644 index 0000000..4f92ed1 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr-fission-cr.yaml @@ -0,0 +1,20 @@ +# Source: fission-all/templates/buildermgr/role-fission-cr.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "buildermgr-fission-cr" +rules: +- apiGroups: + - fission.io + resources: + - environments + - functions + - packages + verbs: + - create + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr.yaml new file mode 100644 index 0000000..325d175 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr.yaml @@ -0,0 +1,43 @@ +# Source: fission-all/templates/buildermgr/role-kubernetes.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "buildermgr" +rules: +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - create + - delete + - get + - list + - watch + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - list + - create + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor-fission-cr.yaml new file mode 100644 index 0000000..9fd272c --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor-fission-cr.yaml @@ -0,0 +1,20 @@ +# Source: fission-all/templates/executor/role-fission-cr.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "executor-fission-cr" +rules: +- apiGroups: + - fission.io + resources: + - environments + - functions + - packages + verbs: + - create + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor.yaml new file mode 100644 index 0000000..dd92ad8 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor.yaml @@ -0,0 +1,99 @@ +# Source: fission-all/templates/executor/role-kubernetes.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "executor" +rules: +- apiGroups: + - "" + resources: + - pods + - services + - replicationcontrollers + verbs: + - create + - delete + - get + - list + - watch + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - watch + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get +- apiGroups: + - authorization.k8s.io + resources: + - localsubjectaccessreviews + verbs: + - create +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create +- apiGroups: + - apps + resources: + - deployments + - deployments/scale + - replicasets + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - metrics.k8s.io + resources: + - pods + verbs: + - get + - list \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-builder.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-builder.yaml new file mode 100644 index 0000000..48ca342 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-builder.yaml @@ -0,0 +1,19 @@ +# Source: fission-all/templates/misc-functions/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fission-builder +rules: +- apiGroups: + - fission.io + resources: + - packages + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher-websocket.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher-websocket.yaml new file mode 100644 index 0000000..6fa557a --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher-websocket.yaml @@ -0,0 +1,23 @@ +# Source: fission-all/templates/misc-functions/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fission-fetcher-websocket +rules: +- apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "watch" + - "create" + - "update" + - "patch" +- apiGroups: + - "" + resources: + - pods + verbs: + - get \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher.yaml new file mode 100644 index 0000000..9fd5771 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher.yaml @@ -0,0 +1,19 @@ +# Source: fission-all/templates/misc-functions/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fission-fetcher +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get +- apiGroups: + - fission.io + resources: + - packages + verbs: + - get \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fluentbit.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fluentbit.yaml new file mode 100644 index 0000000..b6110b6 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fluentbit.yaml @@ -0,0 +1,14 @@ +# Source: fission-all/templates/fluentbit/role-kubernetes.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "fluentbit" +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda-fission-cr.yaml new file mode 100644 index 0000000..c591609 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda-fission-cr.yaml @@ -0,0 +1,21 @@ +# Source: fission-all/templates/mqt-keda/role-fission-cr.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "keda-fission-cr" +rules: +- apiGroups: + - fission.io + resources: + - environments + - functions + - messagequeuetriggers + - packages + verbs: + - create + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda.yaml new file mode 100644 index 0000000..5f65927 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda.yaml @@ -0,0 +1,99 @@ +# Source: fission-all/templates/mqt-keda/role-kubernetes.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "keda" +rules: +- apiGroups: + - "" + resources: + - pods + - services + - replicationcontrollers + verbs: + - create + - delete + - get + - list + - watch + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - watch + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get +- apiGroups: + - apps + resources: + - deployments + - deployments/scale + - replicasets + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - keda.sh + resources: + - scaledjobs + - scaledobjects + - scaledjobs/finalizers + - scaledjobs/status + - triggerauthentications + - triggerauthentications/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - keda.k8s.io + resources: + - scaledjobs + - scaledobjects + - scaledjobs/finalizers + - scaledjobs/status + - triggerauthentications + - triggerauthentications/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - metrics.k8s.io + resources: + - pods + verbs: + - get + - list \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher-fission-cr.yaml new file mode 100644 index 0000000..5fbd275 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher-fission-cr.yaml @@ -0,0 +1,21 @@ +# Source: fission-all/templates/kubewatcher/role-fission-cr.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "kubewatcher-fission-cr" +rules: +- apiGroups: + - fission.io + resources: + - environments + - functions + - kuberneteswatchtriggers + - packages + verbs: + - create + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher.yaml new file mode 100644 index 0000000..edf9975 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher.yaml @@ -0,0 +1,35 @@ +# Source: fission-all/templates/kubewatcher/role-kubernetes.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "kubewatcher" +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + - replicationcontrollers + - events + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router-fission-cr.yaml new file mode 100644 index 0000000..0156982 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router-fission-cr.yaml @@ -0,0 +1,21 @@ +# Source: fission-all/templates/router/role-fission-cr.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "router-fission-cr" +rules: +- apiGroups: + - fission.io + resources: + - environments + - functions + - httptriggers + - packages + verbs: + - create + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router.yaml new file mode 100644 index 0000000..23814bc --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router.yaml @@ -0,0 +1,26 @@ +# Source: fission-all/templates/router/role-kubernetes.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "router" +rules: +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-storagesvc-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-storagesvc-fission-cr.yaml new file mode 100644 index 0000000..f72918d --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-storagesvc-fission-cr.yaml @@ -0,0 +1,13 @@ +# Source: fission-all/templates/storagesvc/role-fission-cr.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "storagesvc-fission-cr" +rules: +- apiGroups: + - fission.io + resources: + - packages + verbs: + - get + - list \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer-fission-cr.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer-fission-cr.yaml new file mode 100644 index 0000000..e201fc0 --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer-fission-cr.yaml @@ -0,0 +1,21 @@ +# Source: fission-all/templates/timer/role-fission-cr.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "timer-fission-cr" +rules: +- apiGroups: + - fission.io + resources: + - environments + - functions + - packages + - timetriggers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer.yaml b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer.yaml new file mode 100644 index 0000000..d8b43ec --- /dev/null +++ b/core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/timer/role-kubernetes.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "timer" +rules: [] \ No newline at end of file diff --git a/core/fission/ressources_no_ns.tf b/core/fission/ressources_no_ns.tf new file mode 100644 index 0000000..9fa58b7 --- /dev/null +++ b/core/fission/ressources_no_ns.tf @@ -0,0 +1,45 @@ + +# first loop through resources in ids_prio[0] +resource "kustomization_resource" "pre_no_ns" { + for_each = data.kustomization_overlay.data_no_ns.ids_prio[0] + + manifest = ( + contains(["_/Secret"], regex("(?P.*/.*)/.*/.*", each.value)["group_kind"]) + ? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value]) + : data.kustomization_overlay.data_no_ns.manifests[each.value] + ) +} + +# then loop through resources in ids_prio[1] +# and set an explicit depends_on on kustomization_resource.pre +# wait 2 minutes for any deployment or daemonset to become ready +resource "kustomization_resource" "main_no_ns" { + for_each = data.kustomization_overlay.data_no_ns.ids_prio[1] + + manifest = ( + contains(["_/Secret"], regex("(?P.*/.*)/.*/.*", each.value)["group_kind"]) + ? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value]) + : data.kustomization_overlay.data_no_ns.manifests[each.value] + ) + wait = true + timeouts { + create = "5m" + update = "5m" + } + + depends_on = [kustomization_resource.pre_no_ns] +} + +# finally, loop through resources in ids_prio[2] +# and set an explicit depends_on on kustomization_resource.main +resource "kustomization_resource" "post_no_ns" { + for_each = data.kustomization_overlay.data_no_ns.ids_prio[2] + + manifest = ( + contains(["_/Secret"], regex("(?P.*/.*)/.*/.*", each.value)["group_kind"]) + ? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value]) + : data.kustomization_overlay.data_no_ns.manifests[each.value] + ) + + depends_on = [kustomization_resource.main_no_ns] +} diff --git a/core/fission/v1_ConfigMap_feature-config.yaml b/core/fission/v1_ConfigMap_feature-config.yaml new file mode 100644 index 0000000..938465c --- /dev/null +++ b/core/fission/v1_ConfigMap_feature-config.yaml @@ -0,0 +1,8 @@ +# Source: fission-all/templates/misc-functions/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-config + namespace: fission +data: + "config.yaml": Y2FuYXJ5OgogIGVuYWJsZWQ6IGZhbHNlCiAgcHJvbWV0aGV1c1N2YzogIiIKYXV0aDoKICBlbmFibGVkOiBmYWxzZQ== \ No newline at end of file diff --git a/core/fission/v1_PersistentVolumeClaim_fission-storage-pvc.yaml b/core/fission/v1_PersistentVolumeClaim_fission-storage-pvc.yaml new file mode 100644 index 0000000..24b015b --- /dev/null +++ b/core/fission/v1_PersistentVolumeClaim_fission-storage-pvc.yaml @@ -0,0 +1,15 @@ +# Source: fission-all/templates/storagesvc/pvc.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: fission-storage-pvc + labels: + app: fission-storage + chart: "fission-all-v1.20.1" + release: "fission-v1-20-1" +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "8Gi" \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-builder.yaml b/core/fission/v1_ServiceAccount_fission-builder.yaml new file mode 100644 index 0000000..4c43229 --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-builder.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/misc-functions/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-builder + namespace: default \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-buildermgr.yaml b/core/fission/v1_ServiceAccount_fission-buildermgr.yaml new file mode 100644 index 0000000..b4968f1 --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-buildermgr.yaml @@ -0,0 +1,7 @@ +--- +# Source: fission-all/templates/buildermgr/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-buildermgr + namespace: fission \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-executor.yaml b/core/fission/v1_ServiceAccount_fission-executor.yaml new file mode 100644 index 0000000..fd0cb2f --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-executor.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/executor/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-executor + namespace: fission \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-fetcher.yaml b/core/fission/v1_ServiceAccount_fission-fetcher.yaml new file mode 100644 index 0000000..1575c0a --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-fetcher.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/misc-functions/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-fetcher + namespace: default \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-fluentbit.yaml b/core/fission/v1_ServiceAccount_fission-fluentbit.yaml new file mode 100644 index 0000000..f2f3745 --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-fluentbit.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/fluentbit/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-fluentbit + namespace: fission \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-keda.yaml b/core/fission/v1_ServiceAccount_fission-keda.yaml new file mode 100644 index 0000000..8b54107 --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-keda.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/mqt-keda/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-keda + namespace: fission \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-kubewatcher.yaml b/core/fission/v1_ServiceAccount_fission-kubewatcher.yaml new file mode 100644 index 0000000..b9ad2a3 --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-kubewatcher.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/kubewatcher/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-kubewatcher + namespace: fission \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-router.yaml b/core/fission/v1_ServiceAccount_fission-router.yaml new file mode 100644 index 0000000..57b52aa --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-router.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/router/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-router + namespace: fission \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-storagesvc.yaml b/core/fission/v1_ServiceAccount_fission-storagesvc.yaml new file mode 100644 index 0000000..c41f9d3 --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-storagesvc.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/storagesvc/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-storagesvc + namespace: fission \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-timer.yaml b/core/fission/v1_ServiceAccount_fission-timer.yaml new file mode 100644 index 0000000..c27a5d0 --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-timer.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/timer/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-timer + namespace: fission \ No newline at end of file diff --git a/core/fission/v1_ServiceAccount_fission-webhook.yaml b/core/fission/v1_ServiceAccount_fission-webhook.yaml new file mode 100644 index 0000000..665c009 --- /dev/null +++ b/core/fission/v1_ServiceAccount_fission-webhook.yaml @@ -0,0 +1,6 @@ +# Source: fission-all/templates/webhook-server/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fission-webhook + namespace: fission \ No newline at end of file diff --git a/core/fission/v1_Service_executor.yaml b/core/fission/v1_Service_executor.yaml new file mode 100644 index 0000000..2b7490a --- /dev/null +++ b/core/fission/v1_Service_executor.yaml @@ -0,0 +1,15 @@ +# Source: fission-all/templates/executor/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: executor + labels: + svc: executor + chart: "fission-all-v1.20.1" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 8888 + selector: + svc: executor \ No newline at end of file diff --git a/core/fission/v1_Service_router.yaml b/core/fission/v1_Service_router.yaml new file mode 100644 index 0000000..65dc5cf --- /dev/null +++ b/core/fission/v1_Service_router.yaml @@ -0,0 +1,16 @@ +# Source: fission-all/templates/router/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: router + labels: + svc: router + application: fission-router + chart: "fission-all-v1.20.1" +spec: + type: LoadBalancer + ports: + - port: 80 + targetPort: 8888 + selector: + svc: router \ No newline at end of file diff --git a/core/fission/v1_Service_storagesvc.yaml b/core/fission/v1_Service_storagesvc.yaml new file mode 100644 index 0000000..903b785 --- /dev/null +++ b/core/fission/v1_Service_storagesvc.yaml @@ -0,0 +1,16 @@ +# Source: fission-all/templates/storagesvc/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: storagesvc + labels: + svc: storagesvc + application: fission-storage + chart: "fission-all-v1.20.1" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 8000 + selector: + svc: storagesvc \ No newline at end of file diff --git a/core/fission/v1_Service_webhook-service.yaml b/core/fission/v1_Service_webhook-service.yaml new file mode 100644 index 0000000..89238c7 --- /dev/null +++ b/core/fission/v1_Service_webhook-service.yaml @@ -0,0 +1,16 @@ +# Source: fission-all/templates/webhook-server/webhook-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: webhook-service + labels: + svc: webhook-service + application: fission-webhook + chart: "fission-all-v1.20.1" +spec: + type: ClusterIP + ports: + - port: 443 + targetPort: 9443 + selector: + svc: webhook-service \ No newline at end of file diff --git a/meta/addons/crds.tf b/meta/addons/crds.tf index a91fe90..a93ac4a 100644 --- a/meta/addons/crds.tf +++ b/meta/addons/crds.tf @@ -193,7 +193,7 @@ resource "kubectl_manifest" "crd-keda" { } resource "kubectl_manifest" "crd-fission" { - count = (var.crds.fission.enable) ? 1 : 0 + count = (var.crds.fission.enable || var.fission.enable) ? 1 : 0 yaml_body = <<-EOF apiVersion: "vynil.solidite.fr/v1" kind: "Install" diff --git a/meta/addons/fission.tf b/meta/addons/fission.tf new file mode 100644 index 0000000..05863b7 --- /dev/null +++ b/meta/addons/fission.tf @@ -0,0 +1,30 @@ +locals { + fission = { for k, v in var.fission : k => v if k!="enable" && k!="namespace" } +} + +resource "kubernetes_namespace_v1" "fission-ns" { + count = var.fission.enable? 1 : 0 + metadata { + annotations = local.annotations + labels = local.common-labels + name = var.fission.namespace + } +} + +resource "kubectl_manifest" "fission" { + count = var.fission.enable ? 1 : 0 + depends_on = [kubernetes_namespace_v1.fission-ns] + yaml_body = <<-EOF + apiVersion: "vynil.solidite.fr/v1" + kind: "Install" + metadata: + name: "fission" + namespace: "${var.fission.namespace}" + labels: ${jsonencode(local.common-labels)} + spec: + distrib: "${var.component}" + category: "core" + component: "fission" + options: ${jsonencode(local.fission)} + EOF +} diff --git a/meta/addons/index.yaml b/meta/addons/index.yaml index d17488a..f2eb39d 100644 --- a/meta/addons/index.yaml +++ b/meta/addons/index.yaml @@ -215,6 +215,21 @@ options: type: boolean type: object type: object + fission: + default: + enable: false + namespace: vynil-functions + examples: + - enable: false + namespace: vynil-functions + properties: + enable: + default: false + type: boolean + namespace: + default: vynil-functions + type: string + type: object flux: default: enable: false diff --git a/workflow/tekton-pipelines/datas.tf b/workflow/tekton-pipelines/datas.tf index c7365e6..83082f3 100644 --- a/workflow/tekton-pipelines/datas.tf +++ b/workflow/tekton-pipelines/datas.tf @@ -51,6 +51,20 @@ data "kustomization_overlay" "data" { value: "${var.images.webhook.pull_policy}" EOF } + patches { + target { + kind = "ConfigMap" + name = "feature-flags" + } + patch = <<-EOF + - op: replace + path: /data/enable-api-fields + value: "alpha" + - op: replace + path: /data/enable-cel-in-whenexpression + value: "true" + EOF + } patches { target { kind = "Deployment" diff --git a/workflow/tekton-triggers/datas.tf b/workflow/tekton-triggers/datas.tf index 3c8f031..ae7978d 100644 --- a/workflow/tekton-triggers/datas.tf +++ b/workflow/tekton-triggers/datas.tf @@ -13,8 +13,17 @@ locals { - op: replace path: /subjects/0/namespace value: "${var.namespace}" - EOF - + EOF + webhook-patch = <<-EOF + - op: replace + path: /webhooks/0/clientConfig/service/namespace + value: "${var.namespace}" + EOF + interceptor-patch = <<-EOF + - op: replace + path: /spec/clientConfig/service/namespace + value: "${var.namespace}" + EOF } data "kustomization_overlay" "data" { common_labels = local.common-labels @@ -106,33 +115,56 @@ data "kustomization_overlay" "data_no_ns" { kind = "MutatingWebhookConfiguration" name = "webhook.triggers.tekton.dev" } - patch = <<-EOF - - op: replace - path: /webhooks/0/clientConfig/service/namespace - value: "${var.namespace}" - EOF + patch = local.webhook-patch } patches { target { kind = "ValidatingWebhookConfiguration" name = "config.webhook.triggers.tekton.dev" } - patch = <<-EOF - - op: replace - path: /webhooks/0/clientConfig/service/namespace - value: "${var.namespace}" - EOF + patch = local.webhook-patch } patches { target { kind = "ValidatingWebhookConfiguration" name = "validation.webhook.triggers.tekton.dev" } - patch = <<-EOF - - op: replace - path: /webhooks/0/clientConfig/service/namespace - value: "${var.namespace}" - EOF + patch = local.webhook-patch + } + patches { + target { + kind = "ClusterInterceptor" + name = "cel" + } + patch = local.interceptor-patch + } + patches { + target { + kind = "ClusterInterceptor" + name = "bitbucket" + } + patch = local.interceptor-patch + } + patches { + target { + kind = "ClusterInterceptor" + name = "slack" + } + patch = local.interceptor-patch + } + patches { + target { + kind = "ClusterInterceptor" + name = "github" + } + patch = local.interceptor-patch + } + patches { + target { + kind = "ClusterInterceptor" + name = "gitlab" + } + patch = local.interceptor-patch } }