-
Notifications
You must be signed in to change notification settings - Fork 716
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Signed-off-by: Saranya-jena <saranya.jena@harness.io>
1 parent
c9ee778
commit 44725bd
Showing
4 changed files
with
4,877 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,414 @@ | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: litmus-portal-admin-secret | ||
| stringData: | ||
| DB_USER: "root" | ||
| DB_PASSWORD: "1234" | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: litmus-portal-admin-config | ||
| data: | ||
| DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin | ||
| VERSION: "3.9.2" | ||
| SKIP_SSL_VERIFY: "false" | ||
| # Configurations if you are using dex for OAuth | ||
| DEX_ENABLED: "false" | ||
| OIDC_ISSUER: "http://<Your Domain>:32000" | ||
| DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback" | ||
| DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend" | ||
| DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0" | ||
| OAuthJwtSecret: "litmus-oauth@123" | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: litmusportal-frontend-nginx-configuration | ||
| data: | ||
| nginx.conf: | | ||
| pid /tmp/nginx.pid; | ||
| events { | ||
| worker_connections 1024; | ||
| } | ||
| http { | ||
| map $http_upgrade $connection_upgrade { | ||
| default upgrade; | ||
| '' close; | ||
| } | ||
| client_body_temp_path /tmp/client_temp; | ||
| proxy_temp_path /tmp/proxy_temp_path; | ||
| fastcgi_temp_path /tmp/fastcgi_temp; | ||
| uwsgi_temp_path /tmp/uwsgi_temp; | ||
| scgi_temp_path /tmp/scgi_temp; | ||
| sendfile on; | ||
| tcp_nopush on; | ||
| tcp_nodelay on; | ||
| keepalive_timeout 65; | ||
| types_hash_max_size 2048; | ||
| server_tokens off; | ||
| include /etc/nginx/mime.types; | ||
| gzip on; | ||
| gzip_disable "msie6"; | ||
| access_log /var/log/nginx/access.log; | ||
| error_log /var/log/nginx/error.log; | ||
| server { | ||
| listen 8185 default_server; | ||
| root /opt/chaos; | ||
| location /health { | ||
| return 200; | ||
| } | ||
| location / { | ||
| proxy_http_version 1.1; | ||
| add_header Cache-Control "no-cache"; | ||
| try_files $uri /index.html; | ||
| autoindex on; | ||
| } | ||
| # redirect server error pages to the static page /50x.html | ||
| # | ||
| error_page 500 502 503 504 /50x.html; | ||
| location = /50x.html { | ||
| root /usr/share/nginx/html; | ||
| } | ||
| location /auth/ { | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_pass "http://litmusportal-auth-server-service:9003/"; | ||
| } | ||
| location /api/ { | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection $connection_upgrade; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_pass "http://litmusportal-server-service:9002/"; | ||
| } | ||
| } | ||
| } | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-frontend | ||
| labels: | ||
| component: litmusportal-frontend | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-frontend | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: litmusportal-frontend | ||
| image: litmuschaos/litmusportal-frontend:3.9.2 | ||
| # securityContext: | ||
| # runAsUser: 2000 | ||
| # allowPrivilegeEscalation: false | ||
| # runAsNonRoot: true | ||
| imagePullPolicy: Always | ||
| ports: | ||
| - containerPort: 8185 | ||
| resources: | ||
| requests: | ||
| memory: "250Mi" | ||
| cpu: "125m" | ||
| ephemeral-storage: "500Mi" | ||
| limits: | ||
| memory: "512Mi" | ||
| cpu: "550m" | ||
| ephemeral-storage: "1Gi" | ||
| volumeMounts: | ||
| - name: nginx-config | ||
| mountPath: /etc/nginx/nginx.conf | ||
| subPath: nginx.conf | ||
| volumes: | ||
| - name: nginx-config | ||
| configMap: | ||
| name: litmusportal-frontend-nginx-configuration | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-frontend-service | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: http | ||
| port: 9091 | ||
| targetPort: 8185 | ||
| selector: | ||
| component: litmusportal-frontend | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-server | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| volumes: | ||
| - name: gitops-storage | ||
| emptyDir: {} | ||
| - name: hub-storage | ||
| emptyDir: {} | ||
| containers: | ||
| - name: graphql-server | ||
| image: litmuschaos/litmusportal-server:3.9.2 | ||
| volumeMounts: | ||
| - mountPath: /tmp/ | ||
| name: gitops-storage | ||
| - mountPath: /tmp/version | ||
| name: hub-storage | ||
| securityContext: | ||
| runAsUser: 2000 | ||
| allowPrivilegeEscalation: false | ||
| runAsNonRoot: true | ||
| readOnlyRootFilesystem: true | ||
| envFrom: | ||
| - configMapRef: | ||
| name: litmus-portal-admin-config | ||
| - secretRef: | ||
| name: litmus-portal-admin-secret | ||
| env: | ||
| # if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication | ||
| - name: TLS_CERT_B64 | ||
| value: "" | ||
| - name: ENABLE_GQL_INTROSPECTION | ||
| value: "false" | ||
| - name: INFRA_DEPLOYMENTS | ||
| value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]' | ||
| - name: CHAOS_CENTER_UI_ENDPOINT | ||
| value: "" | ||
| - name: SUBSCRIBER_IMAGE | ||
| value: "litmuschaos/litmusportal-subscriber:3.9.2" | ||
| - name: EVENT_TRACKER_IMAGE | ||
| value: "litmuschaos/litmusportal-event-tracker:3.9.2" | ||
| - name: ARGO_WORKFLOW_CONTROLLER_IMAGE | ||
| value: "litmuschaos/workflow-controller:v3.3.1" | ||
| - name: ARGO_WORKFLOW_EXECUTOR_IMAGE | ||
| value: "litmuschaos/argoexec:v3.3.1" | ||
| - name: LITMUS_CHAOS_OPERATOR_IMAGE | ||
| value: "litmuschaos/chaos-operator:3.9.0" | ||
| - name: LITMUS_CHAOS_RUNNER_IMAGE | ||
| value: "litmuschaos/chaos-runner:3.9.0" | ||
| - name: LITMUS_CHAOS_EXPORTER_IMAGE | ||
| value: "litmuschaos/chaos-exporter:3.9.0" | ||
| - name: CONTAINER_RUNTIME_EXECUTOR | ||
| value: "k8sapi" | ||
| - name: DEFAULT_HUB_BRANCH_NAME | ||
| value: "3.9.x" | ||
| - name: LITMUS_AUTH_GRPC_ENDPOINT | ||
| value: "litmusportal-auth-server-service" | ||
| - name: LITMUS_AUTH_GRPC_PORT | ||
| value: "3030" | ||
| - name: WORKFLOW_HELPER_IMAGE_VERSION | ||
| value: "3.9.0" | ||
| - name: REMOTE_HUB_MAX_SIZE | ||
| value: "5000000" | ||
| - name: INFRA_COMPATIBLE_VERSIONS | ||
| value: '["3.9.0"]' | ||
| - name: ALLOWED_ORIGINS | ||
| value: ".*" #eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? | ||
| - name: ENABLE_INTERNAL_TLS | ||
| value: "false" | ||
| - name: TLS_CERT_PATH | ||
| value: "" | ||
| - name: TLS_KEY_PATH | ||
| value: "" | ||
| - name: CA_CERT_TLS_PATH | ||
| value: "" | ||
| - name: REST_PORT | ||
| value: "8080" | ||
| - name: GRPC_PORT | ||
| value: "8000" | ||
| ports: | ||
| - containerPort: 8080 | ||
| - containerPort: 8000 | ||
| imagePullPolicy: Always | ||
| resources: | ||
| requests: | ||
| memory: "250Mi" | ||
| cpu: "225m" | ||
| ephemeral-storage: "500Mi" | ||
| limits: | ||
| memory: "712Mi" | ||
| cpu: "550m" | ||
| ephemeral-storage: "1Gi" | ||
| --- | ||
| kind: NetworkPolicy | ||
| apiVersion: networking.k8s.io/v1 | ||
| metadata: | ||
| name: litmusportal-server | ||
| namespace: litmus | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| policyTypes: | ||
| - Ingress | ||
| podSelector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| ingress: | ||
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-server-service | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: graphql-server | ||
| port: 9002 | ||
| targetPort: 8080 | ||
| - name: graphql-rpc-server | ||
| port: 8000 | ||
| targetPort: 8000 | ||
| selector: | ||
| component: litmusportal-server | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-auth-server | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-auth-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: auth-server | ||
| image: litmuschaos/litmusportal-auth-server:3.9.2 | ||
| securityContext: | ||
| runAsUser: 2000 | ||
| allowPrivilegeEscalation: false | ||
| runAsNonRoot: true | ||
| readOnlyRootFilesystem: true | ||
| envFrom: | ||
| - configMapRef: | ||
| name: litmus-portal-admin-config | ||
| - secretRef: | ||
| name: litmus-portal-admin-secret | ||
| env: | ||
| - name: STRICT_PASSWORD_POLICY | ||
| value: "false" | ||
| - name: ADMIN_USERNAME | ||
| value: "admin" | ||
| - name: ADMIN_PASSWORD | ||
| value: "litmus" | ||
| - name: LITMUS_GQL_GRPC_ENDPOINT | ||
| value: "litmusportal-server-service" | ||
| - name: LITMUS_GQL_GRPC_PORT | ||
| value: "8000" | ||
| - name: ALLOWED_ORIGINS | ||
| value: ".*" #eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? | ||
| - name: ENABLE_INTERNAL_TLS | ||
| value: "false" | ||
| - name: TLS_CERT_PATH | ||
| value: "" | ||
| - name: TLS_KEY_PATH | ||
| value: "" | ||
| - name: CA_CERT_TLS_PATH | ||
| value: "" | ||
| - name: REST_PORT | ||
| value: "3000" | ||
| - name: GRPC_PORT | ||
| value: "3030" | ||
| ports: | ||
| - containerPort: 3000 | ||
| - containerPort: 3030 | ||
| imagePullPolicy: Always | ||
| resources: | ||
| requests: | ||
| memory: "250Mi" | ||
| cpu: "125m" | ||
| ephemeral-storage: "500Mi" | ||
| limits: | ||
| memory: "712Mi" | ||
| cpu: "550m" | ||
| ephemeral-storage: "1Gi" | ||
| --- | ||
| kind: NetworkPolicy | ||
| apiVersion: networking.k8s.io/v1 | ||
| metadata: | ||
| name: litmusportal-auth-server | ||
| namespace: litmus | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| policyTypes: | ||
| - Ingress | ||
| podSelector: | ||
| matchLabels: | ||
| component: litmusportal-auth-server | ||
| ingress: | ||
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-auth-server-service | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: auth-server | ||
| port: 9003 | ||
| targetPort: 3000 | ||
| - name: auth-rpc-server | ||
| port: 3030 | ||
| targetPort: 3030 | ||
| selector: | ||
| component: litmusportal-auth-server |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,447 @@ | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: litmus-portal-admin-secret | ||
| stringData: | ||
| DB_USER: "root" | ||
| DB_PASSWORD: "1234" | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: litmus-portal-admin-config | ||
| data: | ||
| DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin | ||
| VERSION: "3.9.2" | ||
| SKIP_SSL_VERIFY: "false" | ||
| # Configurations if you are using dex for OAuth | ||
| DEX_ENABLED: "false" | ||
| OIDC_ISSUER: "http://<Your Domain>:32000" | ||
| DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback" | ||
| DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend" | ||
| DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0" | ||
| OAuthJwtSecret: "litmus-oauth@123" | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: litmusportal-frontend-nginx-configuration | ||
| data: | ||
| nginx.conf: | | ||
| pid /tmp/nginx.pid; | ||
| events { | ||
| worker_connections 1024; | ||
| } | ||
| http { | ||
| map $http_upgrade $connection_upgrade { | ||
| default upgrade; | ||
| '' close; | ||
| } | ||
| client_body_temp_path /tmp/client_temp; | ||
| proxy_temp_path /tmp/proxy_temp_path; | ||
| fastcgi_temp_path /tmp/fastcgi_temp; | ||
| uwsgi_temp_path /tmp/uwsgi_temp; | ||
| scgi_temp_path /tmp/scgi_temp; | ||
| sendfile on; | ||
| tcp_nopush on; | ||
| tcp_nodelay on; | ||
| keepalive_timeout 65; | ||
| types_hash_max_size 2048; | ||
| server_tokens off; | ||
| include /etc/nginx/mime.types; | ||
| gzip on; | ||
| gzip_disable "msie6"; | ||
| access_log /var/log/nginx/access.log; | ||
| error_log /var/log/nginx/error.log; | ||
| server { | ||
| listen 8185 ssl; | ||
| ssl_certificate /etc/tls/tls.crt; | ||
| ssl_certificate_key /etc/tls/tls.key; | ||
| ssl_protocols TLSv1.2 TLSv1.3; | ||
| ssl_client_certificate /etc/tls/ca.crt; | ||
| ssl_ciphers HIGH:!aNULL:!MD5; | ||
| ssl_prefer_server_ciphers on; | ||
| ssl_session_cache shared:SSL:10m; | ||
| root /opt/chaos; | ||
| location /health { | ||
| return 200; | ||
| } | ||
| location / { | ||
| proxy_http_version 1.1; | ||
| add_header Cache-Control "no-cache"; | ||
| try_files $uri /index.html; | ||
| autoindex on; | ||
| } | ||
| # redirect server error pages to the static page /50x.html | ||
| # | ||
| error_page 500 502 503 504 /50x.html; | ||
| location = /50x.html { | ||
| root /usr/share/nginx/html; | ||
| } | ||
| location /auth/ { | ||
| proxy_ssl_verify off; | ||
| proxy_ssl_session_reuse on; | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_pass "https://litmusportal-auth-server-service:9005/"; | ||
| proxy_ssl_certificate /etc/tls/tls.crt; | ||
| proxy_ssl_certificate_key /etc/tls/tls.key; | ||
| } | ||
| location /api/ { | ||
| proxy_ssl_verify off; | ||
| proxy_ssl_session_reuse on; | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection $connection_upgrade; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_pass "https://litmusportal-server-service:9004/"; | ||
| proxy_ssl_certificate /etc/tls/tls.crt; | ||
| proxy_ssl_certificate_key /etc/tls/tls.key; | ||
| } | ||
| } | ||
| } | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-frontend | ||
| labels: | ||
| component: litmusportal-frontend | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-frontend | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: litmusportal-frontend | ||
| image: litmuschaos/litmusportal-frontend:3.9.2 | ||
| # securityContext: | ||
| # runAsUser: 2000 | ||
| # allowPrivilegeEscalation: false | ||
| # runAsNonRoot: true | ||
| imagePullPolicy: Always | ||
| ports: | ||
| - containerPort: 8185 | ||
| resources: | ||
| requests: | ||
| memory: "250Mi" | ||
| cpu: "125m" | ||
| ephemeral-storage: "500Mi" | ||
| limits: | ||
| memory: "512Mi" | ||
| cpu: "550m" | ||
| ephemeral-storage: "1Gi" | ||
| volumeMounts: | ||
| - name: nginx-config | ||
| mountPath: /etc/nginx/nginx.conf | ||
| subPath: nginx.conf | ||
| - mountPath: /etc/tls | ||
| name: tls-secret | ||
| volumes: | ||
| - name: nginx-config | ||
| configMap: | ||
| name: litmusportal-frontend-nginx-configuration | ||
| - name: tls-secret | ||
| secret: | ||
| secretName: tls-secret | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-frontend-service | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: http | ||
| port: 9091 | ||
| targetPort: 8185 | ||
| selector: | ||
| component: litmusportal-frontend | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-server | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| volumes: | ||
| - name: gitops-storage | ||
| emptyDir: {} | ||
| - name: hub-storage | ||
| emptyDir: {} | ||
| - name: tls-secret | ||
| secret: | ||
| secretName: tls-secret | ||
| containers: | ||
| - name: graphql-server | ||
| image: litmuschaos/litmusportal-server:3.9.2 | ||
| volumeMounts: | ||
| - mountPath: /tmp/ | ||
| name: gitops-storage | ||
| - mountPath: /tmp/version | ||
| name: hub-storage | ||
| - mountPath: /etc/tls | ||
| name: tls-secret | ||
| securityContext: | ||
| runAsUser: 2000 | ||
| allowPrivilegeEscalation: false | ||
| runAsNonRoot: true | ||
| readOnlyRootFilesystem: true | ||
| envFrom: | ||
| - configMapRef: | ||
| name: litmus-portal-admin-config | ||
| - secretRef: | ||
| name: litmus-portal-admin-secret | ||
| env: | ||
| # if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication | ||
| - name: TLS_CERT_B64 | ||
| value: "" | ||
| - name: ENABLE_GQL_INTROSPECTION | ||
| value: "false" | ||
| - name: INFRA_DEPLOYMENTS | ||
| value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]' | ||
| - name: CHAOS_CENTER_UI_ENDPOINT | ||
| value: "" | ||
| - name: SUBSCRIBER_IMAGE | ||
| value: "litmuschaos/litmusportal-subscriber:3.9.2" | ||
| - name: EVENT_TRACKER_IMAGE | ||
| value: "litmuschaos/litmusportal-event-tracker:3.9.2" | ||
| - name: ARGO_WORKFLOW_CONTROLLER_IMAGE | ||
| value: "litmuschaos/workflow-controller:v3.3.1" | ||
| - name: ARGO_WORKFLOW_EXECUTOR_IMAGE | ||
| value: "litmuschaos/argoexec:v3.3.1" | ||
| - name: LITMUS_CHAOS_OPERATOR_IMAGE | ||
| value: "litmuschaos/chaos-operator:3.9.0" | ||
| - name: LITMUS_CHAOS_RUNNER_IMAGE | ||
| value: "litmuschaos/chaos-runner:3.9.0" | ||
| - name: LITMUS_CHAOS_EXPORTER_IMAGE | ||
| value: "litmuschaos/chaos-exporter:3.9.0" | ||
| - name: CONTAINER_RUNTIME_EXECUTOR | ||
| value: "k8sapi" | ||
| - name: DEFAULT_HUB_BRANCH_NAME | ||
| value: "3.9.x" | ||
| - name: LITMUS_AUTH_GRPC_ENDPOINT | ||
| value: "litmusportal-auth-server-service" | ||
| - name: LITMUS_AUTH_GRPC_PORT | ||
| value: "3030" | ||
| - name: WORKFLOW_HELPER_IMAGE_VERSION | ||
| value: "3.9.0" | ||
| - name: REMOTE_HUB_MAX_SIZE | ||
| value: "5000000" | ||
| - name: INFRA_COMPATIBLE_VERSIONS | ||
| value: '["3.9.0"]' | ||
| - name: ALLOWED_ORIGINS | ||
| value: "^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?" | ||
| - name: ENABLE_INTERNAL_TLS | ||
| value: "true" | ||
| - name: TLS_CERT_PATH | ||
| value: "/etc/tls/tls.crt" | ||
| - name: TLS_KEY_PATH | ||
| value: "/etc/tls/tls.key" | ||
| - name: CA_CERT_TLS_PATH | ||
| value: "/etc/tls/ca.crt" | ||
| - name: REST_PORT | ||
| value: "8081" | ||
| - name: GRPC_PORT | ||
| value: "8001" | ||
| ports: | ||
| - containerPort: 8081 | ||
| - containerPort: 8001 | ||
| imagePullPolicy: Always | ||
| resources: | ||
| requests: | ||
| memory: "250Mi" | ||
| cpu: "225m" | ||
| ephemeral-storage: "500Mi" | ||
| limits: | ||
| memory: "712Mi" | ||
| cpu: "550m" | ||
| ephemeral-storage: "1Gi" | ||
| --- | ||
| kind: NetworkPolicy | ||
| apiVersion: networking.k8s.io/v1 | ||
| metadata: | ||
| name: litmusportal-server | ||
| namespace: litmus | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| policyTypes: | ||
| - Ingress | ||
| podSelector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| ingress: | ||
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-server-service | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: graphql-server-https | ||
| port: 9004 | ||
| targetPort: 8081 | ||
| - name: graphql-rpc-server-https | ||
| port: 8001 | ||
| targetPort: 8001 | ||
| selector: | ||
| component: litmusportal-server | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-auth-server | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-auth-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| volumes: | ||
| - name: tls-secret | ||
| secret: | ||
| secretName: tls-secret | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: auth-server | ||
| volumeMounts: | ||
| - mountPath: /etc/tls | ||
| name: tls-secret | ||
| image: litmuschaos/litmusportal-auth-server:3.9.2 | ||
| securityContext: | ||
| runAsUser: 2000 | ||
| allowPrivilegeEscalation: false | ||
| runAsNonRoot: true | ||
| readOnlyRootFilesystem: true | ||
| envFrom: | ||
| - configMapRef: | ||
| name: litmus-portal-admin-config | ||
| - secretRef: | ||
| name: litmus-portal-admin-secret | ||
| env: | ||
| - name: STRICT_PASSWORD_POLICY | ||
| value: "false" | ||
| - name: ADMIN_USERNAME | ||
| value: "admin" | ||
| - name: ADMIN_PASSWORD | ||
| value: "litmus" | ||
| - name: LITMUS_GQL_GRPC_ENDPOINT | ||
| value: "litmusportal-server-service" | ||
| - name: LITMUS_GQL_GRPC_PORT | ||
| value: "8000" | ||
| - name: ALLOWED_ORIGINS | ||
| value: "^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?" #ip needs to added here | ||
| - name: ENABLE_INTERNAL_TLS | ||
| value: "true" | ||
| - name: TLS_CERT_PATH | ||
| value: "/etc/tls/tls.crt" | ||
| - name: TLS_KEY_PATH | ||
| value: "/etc/tls/ctls.key" | ||
| - name: CA_CERT_TLS_PATH | ||
| value: "/etc/tls/ca.crt" | ||
| - name: REST_PORT | ||
| value: "3001" | ||
| - name: GRPC_PORT | ||
| value: "3031" | ||
| ports: | ||
| - containerPort: 3001 | ||
| - containerPort: 3031 | ||
| imagePullPolicy: Always | ||
| resources: | ||
| requests: | ||
| memory: "250Mi" | ||
| cpu: "125m" | ||
| ephemeral-storage: "500Mi" | ||
| limits: | ||
| memory: "712Mi" | ||
| cpu: "550m" | ||
| ephemeral-storage: "1Gi" | ||
| --- | ||
| kind: NetworkPolicy | ||
| apiVersion: networking.k8s.io/v1 | ||
| metadata: | ||
| name: litmusportal-auth-server | ||
| namespace: litmus | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| policyTypes: | ||
| - Ingress | ||
| podSelector: | ||
| matchLabels: | ||
| component: litmusportal-auth-server | ||
| ingress: | ||
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-auth-server-service | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: auth-server-https | ||
| port: 9005 | ||
| targetPort: 3001 | ||
| - name: auth-rpc-server-https | ||
| port: 3031 | ||
| targetPort: 3031 | ||
| selector: | ||
| component: litmusportal-auth-server |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,420 @@ | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: litmus-portal-admin-secret | ||
| stringData: | ||
| DB_USER: "root" | ||
| DB_PASSWORD: "1234" | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: litmus-portal-admin-config | ||
| data: | ||
| DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin | ||
| VERSION: "3.9.2" | ||
| SKIP_SSL_VERIFY: "false" | ||
| # Configurations if you are using dex for OAuth | ||
| DEX_ENABLED: "false" | ||
| OIDC_ISSUER: "http://<Your Domain>:32000" | ||
| DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback" | ||
| DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend" | ||
| DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0" | ||
| OAuthJwtSecret: "litmus-oauth@123" | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: litmusportal-frontend-nginx-configuration | ||
| data: | ||
| nginx.conf: | | ||
| pid /tmp/nginx.pid; | ||
| events { | ||
| worker_connections 1024; | ||
| } | ||
| http { | ||
| map $http_upgrade $connection_upgrade { | ||
| default upgrade; | ||
| '' close; | ||
| } | ||
| client_body_temp_path /tmp/client_temp; | ||
| proxy_temp_path /tmp/proxy_temp_path; | ||
| fastcgi_temp_path /tmp/fastcgi_temp; | ||
| uwsgi_temp_path /tmp/uwsgi_temp; | ||
| scgi_temp_path /tmp/scgi_temp; | ||
| sendfile on; | ||
| tcp_nopush on; | ||
| tcp_nodelay on; | ||
| keepalive_timeout 65; | ||
| types_hash_max_size 2048; | ||
| server_tokens off; | ||
| include /etc/nginx/mime.types; | ||
| gzip on; | ||
| gzip_disable "msie6"; | ||
| access_log /var/log/nginx/access.log; | ||
| error_log /var/log/nginx/error.log; | ||
| server { | ||
| listen 8185 ssl; | ||
| ssl_certificate /etc/tls/tls.crt; | ||
| ssl_certificate_key /etc/tls/tls.key; | ||
| ssl_protocols TLSv1.2 TLSv1.3; | ||
| ssl_client_certificate /etc/tls/ca.crt; | ||
| ssl_ciphers HIGH:!aNULL:!MD5; | ||
| ssl_prefer_server_ciphers on; | ||
| ssl_session_cache shared:SSL:10m; | ||
| root /opt/chaos; | ||
| location /health { | ||
| return 200; | ||
| } | ||
| location / { | ||
| proxy_http_version 1.1; | ||
| add_header Cache-Control "no-cache"; | ||
| try_files $uri /index.html; | ||
| autoindex on; | ||
| } | ||
| # redirect server error pages to the static page /50x.html | ||
| # | ||
| error_page 500 502 503 504 /50x.html; | ||
| location = /50x.html { | ||
| root /usr/share/nginx/html; | ||
| } | ||
| location /auth/ { | ||
| proxy_ssl_verify off; | ||
| proxy_ssl_session_reuse on; | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_pass "https://litmusportal-auth-server-service:9005/"; | ||
| proxy_ssl_certificate /etc/tls/tls.crt; | ||
| proxy_ssl_certificate_key /etc/tls/tls.key; | ||
| } | ||
| location /api/ { | ||
| proxy_ssl_verify off; | ||
| proxy_ssl_session_reuse on; | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection $connection_upgrade; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_pass "https://litmusportal-server-service:9004/"; | ||
| proxy_ssl_certificate /etc/tls/tls.crt; | ||
| proxy_ssl_certificate_key /etc/tls/tls.key; | ||
| } | ||
| } | ||
| } | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-frontend | ||
| labels: | ||
| component: litmusportal-frontend | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-frontend | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: litmusportal-frontend | ||
| image: litmuschaos/litmusportal-frontend:3.9.2 | ||
| # securityContext: | ||
| # runAsUser: 2000 | ||
| # allowPrivilegeEscalation: false | ||
| # runAsNonRoot: true | ||
| imagePullPolicy: Always | ||
| ports: | ||
| - containerPort: 8185 | ||
| volumeMounts: | ||
| - name: nginx-config | ||
| mountPath: /etc/nginx/nginx.conf | ||
| subPath: nginx.conf | ||
| - mountPath: /etc/tls | ||
| name: tls-secret | ||
| volumes: | ||
| - name: nginx-config | ||
| configMap: | ||
| name: litmusportal-frontend-nginx-configuration | ||
| - name: tls-secret | ||
| secret: | ||
| secretName: tls-secret | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-frontend-service | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: http | ||
| port: 9091 | ||
| targetPort: 8185 | ||
| selector: | ||
| component: litmusportal-frontend | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-server | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| volumes: | ||
| - name: gitops-storage | ||
| emptyDir: {} | ||
| - name: hub-storage | ||
| emptyDir: {} | ||
| - name: tls-secret | ||
| secret: | ||
| secretName: tls-secret | ||
| containers: | ||
| - name: graphql-server | ||
| image: litmuschaos/litmusportal-server:3.9.2 | ||
| volumeMounts: | ||
| - mountPath: /tmp/ | ||
| name: gitops-storage | ||
| - mountPath: /tmp/version | ||
| name: hub-storage | ||
| - mountPath: /etc/tls | ||
| name: tls-secret | ||
| securityContext: | ||
| runAsUser: 2000 | ||
| allowPrivilegeEscalation: false | ||
| runAsNonRoot: true | ||
| readOnlyRootFilesystem: true | ||
| envFrom: | ||
| - configMapRef: | ||
| name: litmus-portal-admin-config | ||
| - secretRef: | ||
| name: litmus-portal-admin-secret | ||
| env: | ||
| # if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication | ||
| - name: TLS_CERT_B64 | ||
| value: "" | ||
| - name: ENABLE_GQL_INTROSPECTION | ||
| value: "false" | ||
| - name: INFRA_DEPLOYMENTS | ||
| value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]' | ||
| - name: CHAOS_CENTER_UI_ENDPOINT | ||
| value: "" | ||
| - name: SUBSCRIBER_IMAGE | ||
| value: "litmuschaos/litmusportal-subscriber:3.9.2" | ||
| - name: EVENT_TRACKER_IMAGE | ||
| value: "litmuschaos/litmusportal-event-tracker:3.9.2" | ||
| - name: ARGO_WORKFLOW_CONTROLLER_IMAGE | ||
| value: "litmuschaos/workflow-controller:v3.3.1" | ||
| - name: ARGO_WORKFLOW_EXECUTOR_IMAGE | ||
| value: "litmuschaos/argoexec:v3.3.1" | ||
| - name: LITMUS_CHAOS_OPERATOR_IMAGE | ||
| value: "litmuschaos/chaos-operator:3.9.0" | ||
| - name: LITMUS_CHAOS_RUNNER_IMAGE | ||
| value: "litmuschaos/chaos-runner:3.9.0" | ||
| - name: LITMUS_CHAOS_EXPORTER_IMAGE | ||
| value: "litmuschaos/chaos-exporter:3.9.0" | ||
| - name: CONTAINER_RUNTIME_EXECUTOR | ||
| value: "k8sapi" | ||
| - name: DEFAULT_HUB_BRANCH_NAME | ||
| value: "3.9.x" | ||
| - name: LITMUS_AUTH_GRPC_ENDPOINT | ||
| value: "litmusportal-auth-server-service" | ||
| - name: LITMUS_AUTH_GRPC_PORT | ||
| value: "3030" | ||
| - name: WORKFLOW_HELPER_IMAGE_VERSION | ||
| value: "3.9.0" | ||
| - name: REMOTE_HUB_MAX_SIZE | ||
| value: "5000000" | ||
| - name: INFRA_COMPATIBLE_VERSIONS | ||
| value: '["3.9.0"]' | ||
| - name: ALLOWED_ORIGINS | ||
| value: ".*" #eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? | ||
| - name: ENABLE_INTERNAL_TLS | ||
| value: "true" | ||
| - name: TLS_CERT_PATH | ||
| value: "/etc/tls/tls.crt" | ||
| - name: TLS_KEY_PATH | ||
| value: "/etc/tls/tls.key" | ||
| - name: CA_CERT_TLS_PATH | ||
| value: "/etc/tls/ca.crt" | ||
| - name: REST_PORT | ||
| value: "8081" | ||
| - name: GRPC_PORT | ||
| value: "8001" | ||
| ports: | ||
| - containerPort: 8081 | ||
| - containerPort: 8001 | ||
| imagePullPolicy: Always | ||
| --- | ||
| kind: NetworkPolicy | ||
| apiVersion: networking.k8s.io/v1 | ||
| metadata: | ||
| name: litmusportal-server | ||
| namespace: litmus | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| policyTypes: | ||
| - Ingress | ||
| podSelector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| ingress: | ||
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-server-service | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: graphql-server-https | ||
| port: 9004 | ||
| targetPort: 8081 | ||
| - name: graphql-rpc-server-https | ||
| port: 8001 | ||
| targetPort: 8001 | ||
| selector: | ||
| component: litmusportal-server | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-auth-server | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-auth-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| volumes: | ||
| - name: tls-secret | ||
| secret: | ||
| secretName: tls-secret | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: auth-server | ||
| volumeMounts: | ||
| - mountPath: /etc/tls | ||
| name: tls-secret | ||
| image: litmuschaos/litmusportal-auth-server:3.9.2 | ||
| securityContext: | ||
| runAsUser: 2000 | ||
| allowPrivilegeEscalation: false | ||
| runAsNonRoot: true | ||
| readOnlyRootFilesystem: true | ||
| envFrom: | ||
| - configMapRef: | ||
| name: litmus-portal-admin-config | ||
| - secretRef: | ||
| name: litmus-portal-admin-secret | ||
| env: | ||
| - name: STRICT_PASSWORD_POLICY | ||
| value: "false" | ||
| - name: ADMIN_USERNAME | ||
| value: "admin" | ||
| - name: ADMIN_PASSWORD | ||
| value: "litmus" | ||
| - name: LITMUS_GQL_GRPC_ENDPOINT | ||
| value: "litmusportal-server-service" | ||
| - name: LITMUS_GQL_GRPC_PORT | ||
| value: "8000" | ||
| - name: ALLOWED_ORIGINS | ||
| value: "^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?" #ip needs to added here | ||
| - name: ENABLE_INTERNAL_TLS | ||
| value: "true" | ||
| - name: TLS_CERT_PATH | ||
| value: "/etc/tls/tls.crt" | ||
| - name: TLS_KEY_PATH | ||
| value: "/etc/tls/ctls.key" | ||
| - name: CA_CERT_TLS_PATH | ||
| value: "/etc/tls/ca.crt" | ||
| - name: REST_PORT | ||
| value: "3001" | ||
| - name: GRPC_PORT | ||
| value: "3031" | ||
| ports: | ||
| - containerPort: 3001 | ||
| - containerPort: 3031 | ||
| imagePullPolicy: Always | ||
| --- | ||
| kind: NetworkPolicy | ||
| apiVersion: networking.k8s.io/v1 | ||
| metadata: | ||
| name: litmusportal-auth-server | ||
| namespace: litmus | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| policyTypes: | ||
| - Ingress | ||
| podSelector: | ||
| matchLabels: | ||
| component: litmusportal-auth-server | ||
| ingress: | ||
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-auth-server-service | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: auth-server-https | ||
| port: 9005 | ||
| targetPort: 3001 | ||
| - name: auth-rpc-server-https | ||
| port: 3031 | ||
| targetPort: 3031 | ||
| selector: | ||
| component: litmusportal-auth-server |