From 625fbe6701371314390ca1db16ba7529755dc1a9 Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Thu, 12 Nov 2020 08:12:50 -0800 Subject: [PATCH 1/4] Cherry-Pick 'Azure kfdef manifests for 1.2 and previous (#1633)' * Add Azure owners (#1524) * Create v1.1.0 Azure Kfdef manifests (#1487) * kfdef for azure * kfdef for azure * Axure kfdef * argo version update * Owners * OWNERS * argo version * Tickle owners * Tickle owners * Create v1.1.0 Azure Kfdef manifests with OIDC Azure AD (#1576) * Rename rbac.authorization.k8s.io_v1_clusterrolebinding_custom-metrics:system:auth-delegator.yaml to rbac.authorization.k8s.io_v1_clusterrolebinding_custom-metrics:system-auth-delegator.yaml * intial kdef * indentation * eof * eof * eof * eof * eof * adding istio to azure stack * indentation * update URI * Rename rbac.authorization.k8s.io_v1_clusterrolebinding_custom-metrics:system-auth-delegator.yaml to rbac.authorization.k8s.io_v1_clusterrolebinding_custom-metrics:system:auth-delegator.yaml * placeholder for azure ad values * Add overlay to support Azure Database for MySQL (#1587) * Add readme file * Add Azure overlay for metadata * Add azure overlay and readme file * Changed the default metadata db name to be metadata-db * Remove duplicated file * Few edits when proofreading the readme.md * Adding db name to be optional * move the overlay to azure stack folder * using relative path for metadata folder * Add Azure kfdef 1.2 manifests * Remove Tensorboard from Azure Stack * Adding myself as Azure stack approver --- .../envoy-filter.yaml | 29 +++++++++ .../kustomization.yaml | 5 ++ kfdef/OWNERS | 3 + kfdef/kfctl_azure.v1.1.0.yaml | 58 +++++++++++++++++ kfdef/kfctl_azure.v1.2.0.yaml | 58 +++++++++++++++++ kfdef/kfctl_azure_aad.v1.1.0.yaml | 65 +++++++++++++++++++ kfdef/kfctl_azure_aad.v1.2.0.yaml | 65 +++++++++++++++++++ stacks/azure/OWNERS | 5 ++ .../kustomization.yaml | 5 ++ .../cert-manager-crds/kustomization.yaml | 5 ++ .../kustomization.yaml | 5 ++ .../cert-manager/kustomization.yaml | 14 ++++ .../istio-1-3-1-stack/kustomization.yaml | 6 ++ .../application/istio/kustomization.yaml | 12 ++++ stacks/azure/application/istio/params.env | 1 + stacks/azure/application/istio/params.yaml | 3 + .../base/deployment_patch.yaml | 33 ++++++++++ .../jupyter-web-app/base/kustomization.yaml | 49 ++++++++++++++ .../jupyter-web-app/base/params.env | 4 ++ .../jupyter-web-app/base/params.yaml | 7 ++ .../jupyter-web-app/kustomization.yaml | 7 ++ .../oidc-authservice/kustomization.yaml | 18 +++++ .../spark-operator/kustomization.yaml | 5 ++ .../application/spartakus/kustomization.yaml | 10 +++ stacks/azure/config/params.env | 5 ++ stacks/azure/kustomization.yaml | 52 +++++++++++++++ stacks/azure/metadata/Readme.md | 31 +++++++++ stacks/azure/metadata/kustomization.yaml | 16 +++++ .../azure/metadata/metadata-deployment.yaml | 63 ++++++++++++++++++ stacks/azure/metadata/params.env | 4 ++ stacks/azure/metadata/secrets.env | 3 + 31 files changed, 646 insertions(+) create mode 100644 istio/add-anonymous-user-filter-istio-1.6/envoy-filter.yaml create mode 100644 istio/add-anonymous-user-filter-istio-1.6/kustomization.yaml create mode 100644 kfdef/kfctl_azure.v1.1.0.yaml create mode 100644 kfdef/kfctl_azure.v1.2.0.yaml create mode 100644 kfdef/kfctl_azure_aad.v1.1.0.yaml create mode 100644 kfdef/kfctl_azure_aad.v1.2.0.yaml create mode 100644 stacks/azure/OWNERS create mode 100644 stacks/azure/application/add-anonymous-user-filter-istio-1.6/kustomization.yaml create mode 100644 stacks/azure/application/cert-manager-crds/kustomization.yaml create mode 100644 stacks/azure/application/cert-manager-kube-system-resources/kustomization.yaml create mode 100644 stacks/azure/application/cert-manager/kustomization.yaml create mode 100644 stacks/azure/application/istio-1-3-1-stack/kustomization.yaml create mode 100644 stacks/azure/application/istio/kustomization.yaml create mode 100644 stacks/azure/application/istio/params.env create mode 100644 stacks/azure/application/istio/params.yaml create mode 100644 stacks/azure/application/jupyter-web-app/base/deployment_patch.yaml create mode 100644 stacks/azure/application/jupyter-web-app/base/kustomization.yaml create mode 100644 stacks/azure/application/jupyter-web-app/base/params.env create mode 100644 stacks/azure/application/jupyter-web-app/base/params.yaml create mode 100644 stacks/azure/application/jupyter-web-app/kustomization.yaml create mode 100644 stacks/azure/application/oidc-authservice/kustomization.yaml create mode 100644 stacks/azure/application/spark-operator/kustomization.yaml create mode 100644 stacks/azure/application/spartakus/kustomization.yaml create mode 100644 stacks/azure/config/params.env create mode 100644 stacks/azure/kustomization.yaml create mode 100644 stacks/azure/metadata/Readme.md create mode 100644 stacks/azure/metadata/kustomization.yaml create mode 100644 stacks/azure/metadata/metadata-deployment.yaml create mode 100644 stacks/azure/metadata/params.env create mode 100644 stacks/azure/metadata/secrets.env diff --git a/istio/add-anonymous-user-filter-istio-1.6/envoy-filter.yaml b/istio/add-anonymous-user-filter-istio-1.6/envoy-filter.yaml new file mode 100644 index 0000000000..084b1725d7 --- /dev/null +++ b/istio/add-anonymous-user-filter-istio-1.6/envoy-filter.yaml @@ -0,0 +1,29 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: add-user-filter + namespace: istio-system +spec: + workloadSelector: + labels: + app: istio-ingressgateway + configPatches: + - applyTo: HTTP_FILTER + match: + context: GATEWAY + listener: + filterChain: + filter: + name: "envoy.http_connection_manager" + subFilter: + name: "envoy.router" + patch: + operation: INSERT_BEFORE + value: + name: envoy.lua + typed_config: + "@type": "type.googleapis.com/envoy.config.filter.http.lua.v2.Lua" + inlineCode: | + function envoy_on_request(request_handle) + request_handle:headers():add("kubeflow-userid","anonymous@kubeflow.org") + end diff --git a/istio/add-anonymous-user-filter-istio-1.6/kustomization.yaml b/istio/add-anonymous-user-filter-istio-1.6/kustomization.yaml new file mode 100644 index 0000000000..45e61bd377 --- /dev/null +++ b/istio/add-anonymous-user-filter-istio-1.6/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- envoy-filter.yaml diff --git a/kfdef/OWNERS b/kfdef/OWNERS index b6f709397a..f79d6210ad 100644 --- a/kfdef/OWNERS +++ b/kfdef/OWNERS @@ -1,6 +1,9 @@ approvers: - adrian555 + - dtzar + - eedorenko - Jeffwan - kkasravi - krishnadurai + - sudivate - yanniszark diff --git a/kfdef/kfctl_azure.v1.1.0.yaml b/kfdef/kfctl_azure.v1.1.0.yaml new file mode 100644 index 0000000000..d034ebd11d --- /dev/null +++ b/kfdef/kfctl_azure.v1.1.0.yaml @@ -0,0 +1,58 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kubeflowmanifests + namespace: kubeflow +spec: + applications: + # It is expected to have Istio 1.6.x installed in istio-system namespace + - kustomizeConfig: + repoRef: + name: manifests + path: namespaces/base + name: namespaces + - kustomizeConfig: + repoRef: + name: manifests + path: application/v3 + name: application + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/istio + name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/add-anonymous-user-filter-istio-1.6 + name: add-anonymous-user-filter + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller/base + name: metacontroller + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure + name: kubeflow-apps + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.1-branch.tar.gz + version: v1.1-branch + diff --git a/kfdef/kfctl_azure.v1.2.0.yaml b/kfdef/kfctl_azure.v1.2.0.yaml new file mode 100644 index 0000000000..7ca08f2fe2 --- /dev/null +++ b/kfdef/kfctl_azure.v1.2.0.yaml @@ -0,0 +1,58 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kubeflowmanifests + namespace: kubeflow +spec: + applications: + # It is expected to have Istio 1.6.x installed in istio-system namespace + - kustomizeConfig: + repoRef: + name: manifests + path: namespaces/base + name: namespaces + - kustomizeConfig: + repoRef: + name: manifests + path: application/v3 + name: application + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/istio + name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/add-anonymous-user-filter-istio-1.6 + name: add-anonymous-user-filter + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller/base + name: metacontroller + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure + name: kubeflow-apps + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.2-branch.tar.gz + version: v1.2-branch + diff --git a/kfdef/kfctl_azure_aad.v1.1.0.yaml b/kfdef/kfctl_azure_aad.v1.1.0.yaml new file mode 100644 index 0000000000..5c9e70217e --- /dev/null +++ b/kfdef/kfctl_azure_aad.v1.1.0.yaml @@ -0,0 +1,65 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + repoRef: + name: manifests + path: namespaces/base + name: namespaces + - kustomizeConfig: + repoRef: + name: manifests + path: application/v3 + name: application + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/istio-1-3-1-stack + name: istio-stack + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/kubernetes/application/cluster-local-gateway-1-3-1 + name: cluster-local-gateway + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/istio + name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller/base + name: metacontroller + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/oidc-authservice + name: oidc-authservice + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure + name: kubeflow-apps + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.1-branch.tar.gz + version: v1.1-branch \ No newline at end of file diff --git a/kfdef/kfctl_azure_aad.v1.2.0.yaml b/kfdef/kfctl_azure_aad.v1.2.0.yaml new file mode 100644 index 0000000000..2599bd614d --- /dev/null +++ b/kfdef/kfctl_azure_aad.v1.2.0.yaml @@ -0,0 +1,65 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + repoRef: + name: manifests + path: namespaces/base + name: namespaces + - kustomizeConfig: + repoRef: + name: manifests + path: application/v3 + name: application + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/istio-1-3-1-stack + name: istio-stack + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/kubernetes/application/cluster-local-gateway-1-3-1 + name: cluster-local-gateway + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/istio + name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller/base + name: metacontroller + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure/application/oidc-authservice + name: oidc-authservice + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/azure + name: kubeflow-apps + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.2-branch.tar.gz + version: v1.2-branch diff --git a/stacks/azure/OWNERS b/stacks/azure/OWNERS new file mode 100644 index 0000000000..be48d59998 --- /dev/null +++ b/stacks/azure/OWNERS @@ -0,0 +1,5 @@ +approvers: +- berndverst +- dtzar +- eedorenko +- sudivate diff --git a/stacks/azure/application/add-anonymous-user-filter-istio-1.6/kustomization.yaml b/stacks/azure/application/add-anonymous-user-filter-istio-1.6/kustomization.yaml new file mode 100644 index 0000000000..8cc68968b4 --- /dev/null +++ b/stacks/azure/application/add-anonymous-user-filter-istio-1.6/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- ../../../../istio/add-anonymous-user-filter-istio-1.6 diff --git a/stacks/azure/application/cert-manager-crds/kustomization.yaml b/stacks/azure/application/cert-manager-crds/kustomization.yaml new file mode 100644 index 0000000000..7046d1031a --- /dev/null +++ b/stacks/azure/application/cert-manager-crds/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cert-manager +resources: +- ../../../../cert-manager/cert-manager-crds/base diff --git a/stacks/azure/application/cert-manager-kube-system-resources/kustomization.yaml b/stacks/azure/application/cert-manager-kube-system-resources/kustomization.yaml new file mode 100644 index 0000000000..35d6700694 --- /dev/null +++ b/stacks/azure/application/cert-manager-kube-system-resources/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: +- ../../../../cert-manager/cert-manager-kube-system-resources/base diff --git a/stacks/azure/application/cert-manager/kustomization.yaml b/stacks/azure/application/cert-manager/kustomization.yaml new file mode 100644 index 0000000000..58579b6269 --- /dev/null +++ b/stacks/azure/application/cert-manager/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager +kind: Kustomization +namespace: cert-manager +resources: +- ../../../../cert-manager/cert-manager/base +- ../../../../cert-manager/cert-manager/overlays/application/application.yaml +- ../../../../cert-manager/cert-manager/overlays/self-signed/cluster-issuer.yaml +configurations: +- ../../../../cert-manager/cert-manager/overlays/application/params.yaml + diff --git a/stacks/azure/application/istio-1-3-1-stack/kustomization.yaml b/stacks/azure/application/istio-1-3-1-stack/kustomization.yaml new file mode 100644 index 0000000000..47428640e2 --- /dev/null +++ b/stacks/azure/application/istio-1-3-1-stack/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- ../../../../istio-1-3-1/istio-crds-1-3-1/base +- ../../../../istio-1-3-1/istio-install-1-3-1/base diff --git a/stacks/azure/application/istio/kustomization.yaml b/stacks/azure/application/istio/kustomization.yaml new file mode 100644 index 0000000000..3552e93675 --- /dev/null +++ b/stacks/azure/application/istio/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../istio/istio/base +configMapGenerator: +- name: istio-parameters + behavior: merge + envs: + - params.env +configurations: +- params.yaml diff --git a/stacks/azure/application/istio/params.env b/stacks/azure/application/istio/params.env new file mode 100644 index 0000000000..b39a745766 --- /dev/null +++ b/stacks/azure/application/istio/params.env @@ -0,0 +1 @@ +clusterRbacConfig=OFF diff --git a/stacks/azure/application/istio/params.yaml b/stacks/azure/application/istio/params.yaml new file mode 100644 index 0000000000..e894f9bd68 --- /dev/null +++ b/stacks/azure/application/istio/params.yaml @@ -0,0 +1,3 @@ +varReference: +- path: spec/mode + kind: ClusterRbacConfig diff --git a/stacks/azure/application/jupyter-web-app/base/deployment_patch.yaml b/stacks/azure/application/jupyter-web-app/base/deployment_patch.yaml new file mode 100644 index 0000000000..34e9493408 --- /dev/null +++ b/stacks/azure/application/jupyter-web-app/base/deployment_patch.yaml @@ -0,0 +1,33 @@ +# TODO(https://github.com/kubeflow/manifests/issues/774): This is a patch +# that pulls out from core the parts that should be in pulled into stacks. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: jupyter-web-app + imagePullPolicy: $(policy) + env: + - name: ROK_SECRET_NAME + valueFrom: + configMapKeyRef: + name: jupyter-web-app-parameters + key: ROK_SECRET_NAME + - name: UI + valueFrom: + configMapKeyRef: + name: jupyter-web-app-parameters + key: UI + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-header + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-prefix diff --git a/stacks/azure/application/jupyter-web-app/base/kustomization.yaml b/stacks/azure/application/jupyter-web-app/base/kustomization.yaml new file mode 100644 index 0000000000..3679563942 --- /dev/null +++ b/stacks/azure/application/jupyter-web-app/base/kustomization.yaml @@ -0,0 +1,49 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + app: jupyter-web-app + kustomize.component: jupyter-web-app +namePrefix: jupyter-web-app- +namespace: kubeflow +images: +- name: gcr.io/kubeflow-images-public/jupyter-web-app + newName: gcr.io/kubeflow-images-public/jupyter-web-app + newTag: vmaster-gd9be4b9e +resources: +- ../../../../../jupyter/jupyter-web-app/base/cluster-role-binding.yaml +- ../../../../../jupyter/jupyter-web-app/base/cluster-role.yaml +- ../../../../../jupyter/jupyter-web-app/base/deployment.yaml +- ../../../../../jupyter/jupyter-web-app/base/role-binding.yaml +- ../../../../../jupyter/jupyter-web-app/base/role.yaml +- ../../../../../jupyter/jupyter-web-app/base/service-account.yaml +- ../../../../../jupyter/jupyter-web-app/base/service.yaml +patchesStrategicMerge: +- deployment_patch.yaml +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: +- name: jupyter-web-app-config + files: + - ../../../../../jupyter/jupyter-web-app/base/configs/spawner_ui_config.yaml +- name: parameters + envs: + - params.env +vars: +- fieldref: + fieldPath: data.policy + name: policy + objref: + apiVersion: v1 + kind: ConfigMap + name: parameters +- fieldref: + fieldPath: data.prefix + name: prefix + objref: + apiVersion: v1 + kind: ConfigMap + name: parameters +configurations: +- params.yaml diff --git a/stacks/azure/application/jupyter-web-app/base/params.env b/stacks/azure/application/jupyter-web-app/base/params.env new file mode 100644 index 0000000000..0d6dd92898 --- /dev/null +++ b/stacks/azure/application/jupyter-web-app/base/params.env @@ -0,0 +1,4 @@ +UI=default +ROK_SECRET_NAME=secret-rok-{username} +policy=Always +prefix=jupyter diff --git a/stacks/azure/application/jupyter-web-app/base/params.yaml b/stacks/azure/application/jupyter-web-app/base/params.yaml new file mode 100644 index 0000000000..c665650a15 --- /dev/null +++ b/stacks/azure/application/jupyter-web-app/base/params.yaml @@ -0,0 +1,7 @@ +varReference: +- path: spec/template/spec/containers/imagePullPolicy + kind: Deployment +- path: metadata/annotations/getambassador.io\/config + kind: Service +- path: spec/http/route/destination/host + kind: VirtualService diff --git a/stacks/azure/application/jupyter-web-app/kustomization.yaml b/stacks/azure/application/jupyter-web-app/kustomization.yaml new file mode 100644 index 0000000000..10fe1d1d97 --- /dev/null +++ b/stacks/azure/application/jupyter-web-app/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- base +- ../../../../jupyter/jupyter-web-app/overlays/istio +- ../../../../jupyter/jupyter-web-app/overlays/application diff --git a/stacks/azure/application/oidc-authservice/kustomization.yaml b/stacks/azure/application/oidc-authservice/kustomization.yaml new file mode 100644 index 0000000000..80ceb78b5b --- /dev/null +++ b/stacks/azure/application/oidc-authservice/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- ../../../../istio/oidc-authservice/overlays/application +configMapGenerator: +- name: oidc-authservice-parameters + behavior: merge + literals: + - client_id= + - oidc_provider=https://login.microsoftonline.com//v2.0 + - oidc_redirect_uri=https:///login/oidc + - oidc_auth_url=https://login.microsoftonline.com//oauth2/v2.0/authorize + - application_secret= + - skip_auth_uri= + - namespace=istio-system + - userid-header=kubeflow-userid + - userid-prefix= diff --git a/stacks/azure/application/spark-operator/kustomization.yaml b/stacks/azure/application/spark-operator/kustomization.yaml new file mode 100644 index 0000000000..0928ac4434 --- /dev/null +++ b/stacks/azure/application/spark-operator/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../spark/spark-operator/overlays/application diff --git a/stacks/azure/application/spartakus/kustomization.yaml b/stacks/azure/application/spartakus/kustomization.yaml new file mode 100644 index 0000000000..10560182cd --- /dev/null +++ b/stacks/azure/application/spartakus/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../common/spartakus/overlays/application +configMapGenerator: +- name: spartakus-config + behavior: merge + literals: + - usageId= diff --git a/stacks/azure/config/params.env b/stacks/azure/config/params.env new file mode 100644 index 0000000000..e296f8f01b --- /dev/null +++ b/stacks/azure/config/params.env @@ -0,0 +1,5 @@ +clusterDomain=cluster.local +userid-header=kubeflow-userid +userid-prefix= +cluster-name= +istio-namespace=istio-system diff --git a/stacks/azure/kustomization.yaml b/stacks/azure/kustomization.yaml new file mode 100644 index 0000000000..2184a67aae --- /dev/null +++ b/stacks/azure/kustomization.yaml @@ -0,0 +1,52 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: + - ../../admission-webhook/webhook/v3 + - ../../common/centraldashboard/overlays/stacks + - ../../kubeflow-roles/base + - ./application/jupyter-web-app + - ../../jupyter/notebook-controller/base_v3 + - ../../profiles/base_v3 + - ./application/spark-operator + - ./application/spartakus + # Training Operators + - ../../pytorch-job/pytorch-job-crds/overlays/application + - ../../pytorch-job/pytorch-operator/overlays/application + - ../../tf-training/tf-job-crds/overlays/application + - ../../tf-training/tf-job-operator/overlays/application + - ../../mxnet-job/mxnet-operator/overlays/application + - ../../mpi-job/mpi-operator/overlays/application + - ../../katib/installs/katib-standalone + # Pipeline + - ../../pipeline/minio/installs/generic + - ../../pipeline/mysql/installs/generic + - ../../pipeline/installs/generic + - ../../argo/base_v3 + # Serving components + - ../../knative/installs/generic + - ../../kfserving/installs/generic + # Kubernetes resources - anonymous user + - ../../default-install/base + # Metadata + - ../../metadata/v3 + # Uncomment the line below if you want to use Azure MySQL + # - ./metadata +configMapGenerator: +- name: workflow-controller-parameters + behavior: merge + literals: + - containerRuntimeExecutor=pns +- name: kubeflow-config + envs: + - ./config/params.env +vars: +# We need to define vars at the top level otherwise we will get +# conflicts. +- fieldref: + fieldpath: metadata.namespace + name: katib-ui-namespace + objref: + kind: Service + name: katib-ui + apiVersion: v1 diff --git a/stacks/azure/metadata/Readme.md b/stacks/azure/metadata/Readme.md new file mode 100644 index 0000000000..a40ca2de23 --- /dev/null +++ b/stacks/azure/metadata/Readme.md @@ -0,0 +1,31 @@ +# Metadata Kustomization for Azure + +This directory contains configurations and guidelines on setting up metadata service to connect to an [Azure MySQL](https://docs.microsoft.com/en-us/azure/mysql/) database. + +#### 1. Create an Azure MySQL database +Create an Azure MySQL data base following the [guidance](https://docs.microsoft.com/en-us/azure/mysql/quickstart-create-mysql-server-database-using-azure-portal) using Azure Portal. Alternatively, you could also use Azure CLI by following [steps](https://docs.microsoft.com/en-us/azure/mysql/quickstart-create-mysql-server-database-using-azure-cli) here. Take notes for ```Server Name```, ```Admin username```, and ```Password```. + +By default the server created is protected with a firewall and is not accessible publicly. Follow the [guidance](https://docs.microsoft.com/en-us/azure/mysql/quickstart-create-mysql-server-database-using-azure-portal#configure-a-server-level-firewall-rule) to allow database to be accessible from external IP addresses. Based on your configuration, you might also enable all IP addresses, and disable ```Enforce SSL connection```. + +#### 2. Deploy Kubeflow to use Azure metadata overlay +Follow the [installation document for Azure AKS](https://www.kubeflow.org/docs/azure/deploy/install-kubeflow/) until the step to build and apply the ```CONFIG_URI```. Download your configuration file, so that you can customize the configuration before deploying Kubeflow by running ```wget -O kfctl_azure.yaml ${CONFIG_URI}```, where the ```${CONFIG_URL}``` should be the one you specified in the previous steps. Run +```kfctl build -V -f kfctl_azure.yaml```. + +Edit the Azure stack at ```/stacks/azure``` and make change under ```resources``` from ```- ../../metadata/v3``` to ```metadata``` to use Azure MySQL. + +Edit ```params.env``` to provide parameters to config map as follows (change the ```[db_name]``` to the server name you used): +``` +MYSQL_HOST=[db_name].mysql.database.azure.com +MYSQL_DATABASE=mlmetadata +MYSQL_PORT=3306 +MYSQL_ALLOW_EMPTY_PASSWORD=true +``` + +Edit ```secrets.env``` to create a secret based on your database configuration (make sure the user name follows the pattern with an "@", like the one showed below): +``` +MYSQL_USERNAME=[admin_user_name]@[db_name] +MYSQL_PASSWORD=[admin_password] +``` + +#### 3. Run Kubeflow Installation +```kfctl apply -V -f kfctl_azure.yaml``` diff --git a/stacks/azure/metadata/kustomization.yaml b/stacks/azure/metadata/kustomization.yaml new file mode 100644 index 0000000000..3ef3ce8efb --- /dev/null +++ b/stacks/azure/metadata/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + kustomize.component: metadata +configMapGenerator: +- name: metadata-db-parameters + envs: + - params.env +secretGenerator: +- name: metadata-db-secrets + envs: + - secrets.env +bases: +- ../../../metadata/base/ +patchesStrategicMerge: +- metadata-deployment.yaml \ No newline at end of file diff --git a/stacks/azure/metadata/metadata-deployment.yaml b/stacks/azure/metadata/metadata-deployment.yaml new file mode 100644 index 0000000000..9ef0583623 --- /dev/null +++ b/stacks/azure/metadata/metadata-deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment + labels: + component: server +spec: + replicas: 1 + selector: + matchLabels: + component: server + template: + metadata: + labels: + component: server + spec: + containers: + - name: container + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + command: ["./server/server", + "--http_port=8080", + "--mysql_service_host=$(MYSQL_HOST)", + "--mlmd_db_name=$(MYSQL_DATABASE)", + "--mysql_service_port=$(MYSQL_PORT)", + "--mysql_service_user=$(MYSQL_USERNAME)", + "--mysql_service_password=$(MYSQL_PASSWORD)"] +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grpc-deployment + labels: + component: grpc-server +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + template: + metadata: + labels: + component: grpc-server + spec: + containers: + - name: container + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: grpc-configmap + args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", + "--mysql_config_host=$(MYSQL_HOST)", + "--mysql_config_database=$(MYSQL_DATABASE)", + "--mysql_config_port=$(MYSQL_PORT)", + "--mysql_config_user=$(MYSQL_USERNAME)", + "--mysql_config_password=$(MYSQL_PASSWORD)" + ] diff --git a/stacks/azure/metadata/params.env b/stacks/azure/metadata/params.env new file mode 100644 index 0000000000..5c1670f2ad --- /dev/null +++ b/stacks/azure/metadata/params.env @@ -0,0 +1,4 @@ +MYSQL_HOST=[db_name].mysql.database.azure.com +MYSQL_DATABASE=mlmetadata +MYSQL_PORT=3306 +MYSQL_ALLOW_EMPTY_PASSWORD=true diff --git a/stacks/azure/metadata/secrets.env b/stacks/azure/metadata/secrets.env new file mode 100644 index 0000000000..a0f000e4f3 --- /dev/null +++ b/stacks/azure/metadata/secrets.env @@ -0,0 +1,3 @@ +MYSQL_USERNAME=[admin_user_name]@[db_name] +MYSQL_PASSWORD=[admin_password] + From d847b9ae59868362c680928b4e06f61ad3a9b875 Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Thu, 12 Nov 2020 14:17:25 -0800 Subject: [PATCH 2/4] Cherry-Pick 'Update azure stack for tests' --- kfdef/kfctl_azure.v1.2.0.yaml | 2 +- .../kustomization.yaml | 0 stacks/azure/metadata/kustomization.yaml | 16 ++++++--- .../azure/metadata/metadata-deployment.yaml | 35 +------------------ .../metadata/metadata-grpc-deployment.yaml | 32 +++++++++++++++++ 5 files changed, 45 insertions(+), 40 deletions(-) rename stacks/azure/application/{add-anonymous-user-filter-istio-1.6 => add-anonymous-user-filter-istio-1-6}/kustomization.yaml (100%) create mode 100644 stacks/azure/metadata/metadata-grpc-deployment.yaml diff --git a/kfdef/kfctl_azure.v1.2.0.yaml b/kfdef/kfctl_azure.v1.2.0.yaml index 7ca08f2fe2..7a086b82be 100644 --- a/kfdef/kfctl_azure.v1.2.0.yaml +++ b/kfdef/kfctl_azure.v1.2.0.yaml @@ -34,7 +34,7 @@ spec: - kustomizeConfig: repoRef: name: manifests - path: stacks/azure/application/add-anonymous-user-filter-istio-1.6 + path: stacks/azure/application/add-anonymous-user-filter-istio-1-6 name: add-anonymous-user-filter - kustomizeConfig: repoRef: diff --git a/stacks/azure/application/add-anonymous-user-filter-istio-1.6/kustomization.yaml b/stacks/azure/application/add-anonymous-user-filter-istio-1-6/kustomization.yaml similarity index 100% rename from stacks/azure/application/add-anonymous-user-filter-istio-1.6/kustomization.yaml rename to stacks/azure/application/add-anonymous-user-filter-istio-1-6/kustomization.yaml diff --git a/stacks/azure/metadata/kustomization.yaml b/stacks/azure/metadata/kustomization.yaml index 3ef3ce8efb..90826f78b2 100644 --- a/stacks/azure/metadata/kustomization.yaml +++ b/stacks/azure/metadata/kustomization.yaml @@ -2,6 +2,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization commonLabels: kustomize.component: metadata + +bases: +- ../../../metadata/base + +resources: +- metadata-deployment.yaml + +patchesStrategicMerge: +- metadata-grpc-deployment.yaml + configMapGenerator: - name: metadata-db-parameters envs: @@ -9,8 +19,4 @@ configMapGenerator: secretGenerator: - name: metadata-db-secrets envs: - - secrets.env -bases: -- ../../../metadata/base/ -patchesStrategicMerge: -- metadata-deployment.yaml \ No newline at end of file + - secrets.env \ No newline at end of file diff --git a/stacks/azure/metadata/metadata-deployment.yaml b/stacks/azure/metadata/metadata-deployment.yaml index 9ef0583623..088bf1f705 100644 --- a/stacks/azure/metadata/metadata-deployment.yaml +++ b/stacks/azure/metadata/metadata-deployment.yaml @@ -27,37 +27,4 @@ spec: "--mlmd_db_name=$(MYSQL_DATABASE)", "--mysql_service_port=$(MYSQL_PORT)", "--mysql_service_user=$(MYSQL_USERNAME)", - "--mysql_service_password=$(MYSQL_PASSWORD)"] ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grpc-deployment - labels: - component: grpc-server -spec: - replicas: 1 - selector: - matchLabels: - component: grpc-server - template: - metadata: - labels: - component: grpc-server - spec: - containers: - - name: container - envFrom: - - configMapRef: - name: metadata-db-parameters - - secretRef: - name: metadata-db-secrets - - configMapRef: - name: grpc-configmap - args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", - "--mysql_config_host=$(MYSQL_HOST)", - "--mysql_config_database=$(MYSQL_DATABASE)", - "--mysql_config_port=$(MYSQL_PORT)", - "--mysql_config_user=$(MYSQL_USERNAME)", - "--mysql_config_password=$(MYSQL_PASSWORD)" - ] + "--mysql_service_password=$(MYSQL_PASSWORD)"] \ No newline at end of file diff --git a/stacks/azure/metadata/metadata-grpc-deployment.yaml b/stacks/azure/metadata/metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..2cdc9ae183 --- /dev/null +++ b/stacks/azure/metadata/metadata-grpc-deployment.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grpc-deployment + labels: + component: grpc-server +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + template: + metadata: + labels: + component: grpc-server + spec: + containers: + - name: container + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: grpc-configmap + args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", + "--mysql_config_host=$(MYSQL_HOST)", + "--mysql_config_database=$(MYSQL_DATABASE)", + "--mysql_config_port=$(MYSQL_PORT)", + "--mysql_config_user=$(MYSQL_USERNAME)", + "--mysql_config_password=$(MYSQL_PASSWORD)" + ] \ No newline at end of file From 61e77bbe2aff06ebee999579e0c5ccd66b805359 Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Thu, 12 Nov 2020 16:13:06 -0800 Subject: [PATCH 3/4] Cherry-Pick 'Add Azure stack tests' --- .../kustomize_test.go | 15 + ..._v1alpha3_envoyfilter_add-user-filter.yaml | 29 + .../cert-manager-crds/kustomize_test.go | 15 + ...n_certificaterequests.cert-manager.io.yaml | 181 + ...finition_certificates.cert-manager.io.yaml | 235 + ...ition_challenges.acme.cert-manager.io.yaml | 1369 ++++++ ...nition_clusterissuers.cert-manager.io.yaml | 1655 +++++++ ...rcedefinition_issuers.cert-manager.io.yaml | 1655 +++++++ ...efinition_orders.acme.cert-manager.io.yaml | 200 + .../kustomize_test.go | 15 + ...ert-manager-cainjector:leaderelection.yaml | 18 + ...eta1_role_cert-manager:leaderelection.yaml | 18 + ...ert-manager-cainjector:leaderelection.yaml | 17 + ...webhook:webhook-authentication-reader.yaml | 17 + ...lebinding_cert-manager:leaderelection.yaml | 17 + ...p_cert-manager-kube-params-parameters.yaml | 9 + .../cert-manager/kustomize_test.go | 15 + ...ookconfiguration_cert-manager-webhook.yaml | 35 + ...ookconfiguration_cert-manager-webhook.yaml | 34 + ...rvice_v1beta1.webhook.cert-manager.io.yaml | 19 + ...s.io_v1beta1_application_cert-manager.yaml | 41 + ...v1_deployment_cert-manager-cainjector.yaml | 41 + ...ps_v1_deployment_cert-manager-webhook.yaml | 50 + .../apps_v1_deployment_cert-manager.yaml | 54 + ...erissuer_kubeflow-self-signing-issuer.yaml | 11 + ...s.io_v1_clusterrole_cert-manager-edit.yaml | 24 + ...s.io_v1_clusterrole_cert-manager-view.yaml | 23 + ...ert-manager-webhook:webhook-requester.yaml | 19 + ...1_clusterrole_cert-manager-cainjector.yaml | 63 + ..._cert-manager-controller-certificates.yaml | 64 + ...le_cert-manager-controller-challenges.yaml | 86 + ...ert-manager-controller-clusterissuers.yaml | 43 + ..._cert-manager-controller-ingress-shim.yaml | 51 + ...rrole_cert-manager-controller-issuers.yaml | 43 + ...errole_cert-manager-controller-orders.yaml | 63 + ...errolebinding_cert-manager-cainjector.yaml | 17 + ..._cert-manager-controller-certificates.yaml | 17 + ...ng_cert-manager-controller-challenges.yaml | 17 + ...ert-manager-controller-clusterissuers.yaml | 17 + ..._cert-manager-controller-ingress-shim.yaml | 17 + ...nding_cert-manager-controller-issuers.yaml | 17 + ...inding_cert-manager-controller-orders.yaml | 17 + ...g_cert-manager-webhook:auth-delegator.yaml | 18 + ..._v1_configmap_cert-manager-parameters.yaml | 11 + .../~g_v1_namespace_cert-manager.yaml | 8 + .../~g_v1_service_cert-manager-webhook.yaml | 21 + .../expected/~g_v1_service_cert-manager.yaml | 21 + ...erviceaccount_cert-manager-cainjector.yaml | 10 + ...1_serviceaccount_cert-manager-webhook.yaml | 10 + .../~g_v1_serviceaccount_cert-manager.yaml | 10 + .../istio-1-3-1-stack/kustomize_test.go | 15 + ...kconfiguration_istio-sidecar-injector.yaml | 27 + ...cedefinition_adapters.config.istio.io.yaml | 23 + ...on_attributemanifests.config.istio.io.yaml | 23 + ...n_authorizationpolicies.rbac.istio.io.yaml | 22 + ...ition_certificates.certmanager.k8s.io.yaml | 42 + ...inition_challenges.certmanager.k8s.io.yaml | 34 + ...ion_clusterissuers.certmanager.k8s.io.yaml | 17 + ...tion_clusterrbacconfigs.rbac.istio.io.yaml | 24 + ..._destinationrules.networking.istio.io.yaml | 36 + ...tion_envoyfilters.networking.istio.io.yaml | 21 + ...finition_gateways.networking.istio.io.yaml | 23 + ...cedefinition_handlers.config.istio.io.yaml | 23 + ...n_httpapispecbindings.config.istio.io.yaml | 21 + ...finition_httpapispecs.config.istio.io.yaml | 21 + ...edefinition_instances.config.istio.io.yaml | 23 + ...definition_issuers.certmanager.k8s.io.yaml | 17 + ..._meshpolicies.authentication.istio.io.yaml | 22 + ...edefinition_orders.certmanager.k8s.io.yaml | 36 + ...tion_policies.authentication.istio.io.yaml | 21 + ...ion_quotaspecbindings.config.istio.io.yaml | 21 + ...definition_quotaspecs.config.istio.io.yaml | 21 + ...edefinition_rbacconfigs.rbac.istio.io.yaml | 23 + ...ourcedefinition_rules.config.istio.io.yaml | 23 + ...on_serviceentries.networking.istio.io.yaml | 45 + ...ion_servicerolebindings.rbac.istio.io.yaml | 35 + ...definition_serviceroles.rbac.istio.io.yaml | 23 + ...finition_sidecars.networking.istio.io.yaml | 21 + ...edefinition_templates.config.istio.io.yaml | 23 + ...n_virtualservices.networking.istio.io.yaml | 40 + .../apps_v1_daemonset_istio-nodeagent.yaml | 87 + .../apps_v1_deployment_istio-citadel.yaml | 78 + .../apps_v1_deployment_istio-galley.yaml | 122 + ...ps_v1_deployment_istio-ingressgateway.yaml | 202 + .../apps_v1_deployment_istio-pilot.yaml | 185 + .../apps_v1_deployment_istio-policy.yaml | 175 + ..._v1_deployment_istio-sidecar-injector.yaml | 117 + .../apps_v1_deployment_istio-telemetry.yaml | 185 + .../apps_v1_deployment_prometheus.yaml | 87 + ...talpodautoscaler_istio-ingressgateway.yaml | 20 + ...1_horizontalpodautoscaler_istio-pilot.yaml | 19 + ..._horizontalpodautoscaler_istio-policy.yaml | 19 + ...rizontalpodautoscaler_istio-telemetry.yaml | 19 + ...post-install-release-1.3-latest-daily.yaml | 64 + ...v1alpha2_attributemanifest_istioproxy.yaml | 137 + ...v1alpha2_attributemanifest_kubernetes.yaml | 61 + ...tio.io_v1alpha2_handler_kubernetesenv.yaml | 9 + ....istio.io_v1alpha2_handler_prometheus.yaml | 213 + ...istio.io_v1alpha2_instance_attributes.yaml | 36 + ...tio.io_v1alpha2_instance_requestcount.yaml | 36 + ....io_v1alpha2_instance_requestduration.yaml | 36 + ...stio.io_v1alpha2_instance_requestsize.yaml | 36 + ...tio.io_v1alpha2_instance_responsesize.yaml | 36 + ....io_v1alpha2_instance_tcpbytereceived.yaml | 32 + ...stio.io_v1alpha2_instance_tcpbytesent.yaml | 32 + ...1alpha2_instance_tcpconnectionsclosed.yaml | 32 + ...1alpha2_instance_tcpconnectionsopened.yaml | 32 + ....io_v1alpha2_rule_kubeattrgenrulerule.yaml | 12 + ...onfig.istio.io_v1alpha2_rule_promhttp.yaml | 18 + ...config.istio.io_v1alpha2_rule_promtcp.yaml | 14 + ...v1alpha2_rule_promtcpconnectionclosed.yaml | 13 + ...o_v1alpha2_rule_promtcpconnectionopen.yaml | 13 + ..._v1alpha2_rule_tcpkubeattrgenrulerule.yaml | 13 + ...v1alpha3_destinationrule_istio-policy.yaml | 19 + ...lpha3_destinationrule_istio-telemetry.yaml | 19 + ...eta1_poddisruptionbudget_istio-galley.yaml | 14 + ...disruptionbudget_istio-ingressgateway.yaml | 14 + ...beta1_poddisruptionbudget_istio-pilot.yaml | 14 + ...eta1_poddisruptionbudget_istio-policy.yaml | 17 + ...sruptionbudget_istio-sidecar-injector.yaml | 14 + ...1_poddisruptionbudget_istio-telemetry.yaml | 17 + ...lusterrole_istio-citadel-istio-system.yaml | 42 + ...clusterrole_istio-galley-istio-system.yaml | 90 + ..._clusterrole_istio-mixer-istio-system.yaml | 48 + ...sterrole_istio-nodeagent-istio-system.yaml | 13 + ..._clusterrole_istio-pilot-istio-system.yaml | 69 + ...on.k8s.io_v1_clusterrole_istio-reader.yaml | 26 + ...e_istio-sidecar-injector-istio-system.yaml | 25 + ...1_clusterrole_prometheus-istio-system.yaml | 29 + ...olebinding_istio-citadel-istio-system.yaml | 14 + ...alley-admin-role-binding-istio-system.yaml | 14 + ...mixer-admin-role-binding-istio-system.yaml | 14 + ....io_v1_clusterrolebinding_istio-multi.yaml | 12 + ...ebinding_istio-nodeagent-istio-system.yaml | 14 + ...rrolebinding_istio-pilot-istio-system.yaml | 14 + ...ector-admin-role-binding-istio-system.yaml | 15 + ...errolebinding_prometheus-istio-system.yaml | 14 + ...s.io_v1_role_istio-ingressgateway-sds.yaml | 14 + ..._rolebinding_istio-ingressgateway-sds.yaml | 13 + ...io-security-post-install-istio-system.yaml | 35 + ...ost-install-role-binding-istio-system.yaml | 14 + ...pha1_servicerole_istio-ingressgateway.yaml | 9 + ...rvicerolebinding_istio-ingressgateway.yaml | 11 + ..._configmap_istio-galley-configuration.yaml | 120 + ...p_istio-install-parameters-5kmkd2f29g.yaml | 7 + ...igmap_istio-security-custom-resources.yaml | 49 + ...g_v1_configmap_istio-sidecar-injector.yaml | 405 ++ .../expected/~g_v1_configmap_istio.yaml | 137 + .../expected/~g_v1_configmap_prometheus.yaml | 276 ++ .../~g_v1_namespace_istio-system.yaml | 4 + .../expected/~g_v1_service_istio-citadel.yaml | 18 + .../expected/~g_v1_service_istio-galley.yaml | 18 + .../~g_v1_service_istio-ingressgateway.yaml | 44 + .../expected/~g_v1_service_istio-pilot.yaml | 20 + .../expected/~g_v1_service_istio-policy.yaml | 21 + .../~g_v1_service_istio-sidecar-injector.yaml | 16 + .../~g_v1_service_istio-telemetry.yaml | 23 + .../expected/~g_v1_service_prometheus.yaml | 16 + ...account_istio-citadel-service-account.yaml | 7 + ...eaccount_istio-galley-service-account.yaml | 7 + ..._istio-ingressgateway-service-account.yaml | 7 + ...ceaccount_istio-mixer-service-account.yaml | 7 + .../~g_v1_serviceaccount_istio-multi.yaml | 5 + ...count_istio-nodeagent-service-account.yaml | 7 + ...ceaccount_istio-pilot-service-account.yaml | 7 + ...t_istio-security-post-install-account.yaml | 7 + ...stio-sidecar-injector-service-account.yaml | 8 + .../~g_v1_serviceaccount_prometheus.yaml | 7 + .../azure/application/istio/kustomize_test.go | 15 + ....io_v1alpha3_gateway_kubeflow-gateway.yaml | 15 + ...1alpha3_serviceentry_google-api-entry.yaml | 14 + ...serviceentry_google-storage-api-entry.yaml | 14 + ...v1alpha3_virtualservice_google-api-vs.yaml | 19 + ..._virtualservice_google-storage-api-vs.yaml | 19 + ...io_v1alpha3_virtualservice_grafana-vs.yaml | 23 + ...o_v1_clusterrole_kubeflow-istio-admin.yaml | 11 + ...io_v1_clusterrole_kubeflow-istio-edit.yaml | 22 + ...io_v1_clusterrole_kubeflow-istio-view.yaml | 16 + ...io_v1alpha1_clusterrbacconfig_default.yaml | 10 + ...configmap_istio-parameters-t6hhgfg9k2.yaml | 10 + .../jupyter-web-app/base/kustomize_test.go | 15 + ...deployment_jupyter-web-app-deployment.yaml | 63 + ...sterrole_jupyter-web-app-cluster-role.yaml | 59 + ...er-web-app-kubeflow-notebook-ui-admin.yaml | 11 + ...ter-web-app-kubeflow-notebook-ui-edit.yaml | 22 + ...ter-web-app-kubeflow-notebook-ui-view.yaml | 28 + ..._jupyter-web-app-cluster-role-binding.yaml | 17 + ...jupyter-web-app-jupyter-notebook-role.yaml | 41 + ...web-app-jupyter-notebook-role-binding.yaml | 17 + ...upyter-web-app-jupyter-web-app-config.yaml | 140 + ..._configmap_jupyter-web-app-parameters.yaml | 15 + ...~g_v1_service_jupyter-web-app-service.yaml | 33 + ...count_jupyter-web-app-service-account.yaml | 10 + .../jupyter-web-app/kustomize_test.go | 15 + ...o_v1beta1_application_jupyter-web-app.yaml | 53 + ...deployment_jupyter-web-app-deployment.yaml | 63 + ...alpha3_virtualservice_jupyter-web-app.yaml | 25 + ...sterrole_jupyter-web-app-cluster-role.yaml | 59 + ...er-web-app-kubeflow-notebook-ui-admin.yaml | 11 + ...ter-web-app-kubeflow-notebook-ui-edit.yaml | 22 + ...ter-web-app-kubeflow-notebook-ui-view.yaml | 28 + ..._jupyter-web-app-cluster-role-binding.yaml | 17 + ...jupyter-web-app-jupyter-notebook-role.yaml | 41 + ...web-app-jupyter-notebook-role-binding.yaml | 17 + ...upyter-web-app-jupyter-web-app-config.yaml | 140 + ..._configmap_jupyter-web-app-parameters.yaml | 15 + ...~g_v1_service_jupyter-web-app-service.yaml | 33 + ...count_jupyter-web-app-service-account.yaml | 10 + .../oidc-authservice/kustomize_test.go | 15 + ..._v1beta1_application_oidc-authservice.yaml | 47 + .../apps_v1_statefulset_authservice.yaml | 70 + ....io_v1alpha3_envoyfilter_authn-filter.yaml | 36 + ...configmap_oidc-authservice-parameters.yaml | 20 + ...persistentvolumeclaim_authservice-pvc.yaml | 14 + .../expected/~g_v1_service_authservice.yaml | 19 + .../spark-operator/kustomize_test.go | 15 + ...parkapplications.sparkoperator.k8s.io.yaml | 2550 +++++++++++ ...parkapplications.sparkoperator.k8s.io.yaml | 2532 +++++++++++ ...io_v1beta1_application_spark-operator.yaml | 42 + ...eployment_spark-operatorsparkoperator.yaml | 51 + ...clusterrole_spark-operatoroperator-cr.yaml | 76 + ...nding_spark-operatorsparkoperator-crb.yaml | 16 + ...s.io_v1_role_spark-operatorspark-role.yaml | 23 + ...ding_spark-operatorspark-role-binding.yaml | 17 + ...viceaccount_spark-operatoroperator-sa.yaml | 9 + ...v1_serviceaccount_spark-operatorspark.yaml | 9 + .../application/spartakus/kustomize_test.go | 15 + ....k8s.io_v1beta1_application_spartakus.yaml | 37 + ...pps_v1_deployment_spartakus-volunteer.yaml | 41 + ....k8s.io_v1beta1_clusterrole_spartakus.yaml | 17 + ..._v1beta1_clusterrolebinding_spartakus.yaml | 17 + .../~g_v1_configmap_spartakus-config.yaml | 12 + .../~g_v1_serviceaccount_spartakus.yaml | 10 + tests/stacks/azure/kustomize_test.go | 15 + tests/stacks/azure/metadata/kustomize_test.go | 15 + ...default_apps_v1_deployment_deployment.yaml | 34 + ...map_metadata-db-parameters-hc59m6d49g.yaml | 11 + ...secret_metadata-db-secrets-c9d6622b8k.yaml | 10 + ..._deployment_metadata-envoy-deployment.yaml | 30 + ...1_deployment_metadata-grpc-deployment.yaml | 44 + ..._v1_configmap_metadata-grpc-configmap.yaml | 10 + ...g_v1_configmap_metadata-ui-parameters.yaml | 9 + ..._~g_v1_service_metadata-envoy-service.yaml | 17 + ...w_~g_v1_service_metadata-grpc-service.yaml | 17 + ...ebhook-mutating-webhook-configuration.yaml | 31 + ...inferenceservice.serving.kubeflow.org.yaml | 57 + ...istio.networking.internal.knative.dev.yaml | 23 + ...iguration_webhook.serving.knative.dev.yaml | 19 + ...istio.networking.internal.knative.dev.yaml | 23 + ...on_config.webhook.serving.knative.dev.yaml | 23 + ...inferenceservice.serving.kubeflow.org.yaml | 31 + ...alidation.webhook.serving.knative.dev.yaml | 19 + ...cates.networking.internal.knative.dev.yaml | 32 + ...on_configurations.serving.knative.dev.yaml | 61 + ...cedefinition_experiments.kubeflow.org.yaml | 31 + ...n_images.caching.internal.knative.dev.yaml | 24 + ...nferenceservices.serving.kubeflow.org.yaml | 3941 +++++++++++++++++ ...esses.networking.internal.knative.dev.yaml | 36 + ...rics.autoscaling.internal.knative.dev.yaml | 30 + ...sourcedefinition_mpijobs.kubeflow.org.yaml | 156 + ...esourcedefinition_mxjobs.kubeflow.org.yaml | 58 + ...urcedefinition_notebooks.kubeflow.org.yaml | 96 + ...lers.autoscaling.internal.knative.dev.yaml | 42 + ...cedefinition_poddefaults.kubeflow.org.yaml | 56 + ...ourcedefinition_profiles.kubeflow.org.yaml | 158 + ...cedefinition_pytorchjobs.kubeflow.org.yaml | 45 + ...inition_revisions.serving.knative.dev.yaml | 62 + ...definition_routes.serving.knative.dev.yaml | 57 + ...parkapplications.sparkoperator.k8s.io.yaml | 2550 +++++++++++ ...ition_scheduledworkflows.kubeflow.org.yaml | 21 + ...vices.networking.internal.knative.dev.yaml | 47 + ...finition_services.serving.knative.dev.yaml | 65 + ...parkapplications.sparkoperator.k8s.io.yaml | 2532 +++++++++++ ...cedefinition_suggestions.kubeflow.org.yaml | 37 + ...esourcedefinition_tfjobs.kubeflow.org.yaml | 50 + ...esourcedefinition_trials.kubeflow.org.yaml | 31 + ...sourcedefinition_viewers.kubeflow.org.yaml | 21 + ...ourcedefinition_workflows.argoproj.io.yaml | 19 + .../app.k8s.io_v1beta1_application_argo.yaml | 39 + ..._v1beta1_application_centraldashboard.yaml | 57 + ...o_v1beta1_application_jupyter-web-app.yaml | 53 + ..._v1beta1_application_katib-controller.yaml | 70 + ...k8s.io_v1beta1_application_katib-crds.yaml | 68 + ....k8s.io_v1beta1_application_kfserving.yaml | 46 + ...eta1_application_knative-serving-crds.yaml | 32 + ...1_application_knative-serving-install.yaml | 32 + ...1beta1_application_kubeflow-pipelines.yaml | 44 + .../app.k8s.io_v1beta1_application_minio.yaml | 31 + ...s.io_v1beta1_application_mpi-operator.yaml | 48 + ...io_v1beta1_application_mxnet-operator.yaml | 51 + .../app.k8s.io_v1beta1_application_mysql.yaml | 32 + ...tebook-controller-notebook-controller.yaml | 46 + ...v1beta1_application_profiles-profiles.yaml | 44 + ..._v1beta1_application_pytorch-job-crds.yaml | 46 + ..._v1beta1_application_pytorch-operator.yaml | 49 + ...io_v1beta1_application_spark-operator.yaml | 42 + ....k8s.io_v1beta1_application_spartakus.yaml | 37 + ...8s.io_v1beta1_application_tf-job-crds.yaml | 46 + ...o_v1beta1_application_tf-job-operator.yaml | 47 + ...pp.k8s.io_v1beta1_application_webhook.yaml | 39 + .../apps_v1_deployment_activator.yaml | 86 + ...ployment_admission-webhook-deployment.yaml | 42 + .../expected/apps_v1_deployment_argo-ui.yaml | 66 + .../apps_v1_deployment_autoscaler.yaml | 77 + ..._deployment_cache-deployer-deployment.yaml | 36 + .../apps_v1_deployment_cache-server.yaml | 79 + .../apps_v1_deployment_centraldashboard.yaml | 50 + .../apps_v1_deployment_controller.yaml | 57 + .../apps_v1_deployment_istio-webhook.yaml | 63 + ...deployment_jupyter-web-app-deployment.yaml | 63 + .../apps_v1_deployment_katib-controller.yaml | 61 + .../apps_v1_deployment_katib-db-manager.yaml | 60 + .../apps_v1_deployment_katib-mysql.yaml | 76 + .../expected/apps_v1_deployment_katib-ui.yaml | 46 + .../apps_v1_deployment_metadata-db.yaml | 55 + ..._deployment_metadata-envoy-deployment.yaml | 30 + ...1_deployment_metadata-grpc-deployment.yaml | 44 + .../apps_v1_deployment_metadata-writer.yaml | 32 + .../expected/apps_v1_deployment_minio.yaml | 53 + ...ployment_ml-pipeline-persistenceagent.yaml | 34 + ...loyment_ml-pipeline-scheduledworkflow.yaml | 32 + .../apps_v1_deployment_ml-pipeline-ui.yaml | 80 + ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 34 + ...yment_ml-pipeline-visualizationserver.yaml | 54 + .../apps_v1_deployment_ml-pipeline.yaml | 103 + .../apps_v1_deployment_mpi-operator.yaml | 38 + .../apps_v1_deployment_mxnet-operator.yaml | 42 + .../expected/apps_v1_deployment_mysql.yaml | 40 + .../apps_v1_deployment_networking-istio.yaml | 59 + ...oyment_notebook-controller-deployment.yaml | 51 + ...pps_v1_deployment_profiles-deployment.yaml | 97 + .../apps_v1_deployment_pytorch-operator.yaml | 45 + ...eployment_spark-operatorsparkoperator.yaml | 51 + ...pps_v1_deployment_spartakus-volunteer.yaml | 41 + .../apps_v1_deployment_tf-job-operator.yaml | 43 + .../expected/apps_v1_deployment_webhook.yaml | 61 + ...pps_v1_deployment_workflow-controller.yaml | 61 + ...tefulset_kfserving-controller-manager.yaml | 80 + ...ta1_horizontalpodautoscaler_activator.yaml | 22 + ...native.dev_v1alpha1_image_queue-proxy.yaml | 12 + ...a2_certificate_admission-webhook-cert.yaml | 18 + ....io_v1alpha2_certificate_serving-cert.yaml | 18 + ....io_v1alpha2_issuer_selfsigned-issuer.yaml | 12 + ...ubeflow.org_v1beta1_profile_anonymous.yaml | 9 + ...1alpha3_gateway_cluster-local-gateway.yaml | 21 + ...io.io_v1alpha3_virtualservice_argo-ui.yaml | 25 + ...lpha3_virtualservice_centraldashboard.yaml | 24 + ...alpha3_virtualservice_jupyter-web-app.yaml | 25 + ...o.io_v1alpha3_virtualservice_katib-ui.yaml | 24 + ...v1alpha3_virtualservice_metadata-grpc.yaml | 22 + ...1alpha3_virtualservice_ml-pipeline-ui.yaml | 25 + ...v1alpha3_virtualservice_profiles-kfam.yaml | 27 + ...errole_admission-webhook-cluster-role.yaml | 22 + ...on-webhook-kubeflow-poddefaults-admin.yaml | 15 + ...ion-webhook-kubeflow-poddefaults-edit.yaml | 15 + ...ion-webhook-kubeflow-poddefaults-view.yaml | 21 + ...8s.io_v1_clusterrole_centraldashboard.yaml | 19 + ...sterrole_jupyter-web-app-cluster-role.yaml | 59 + ...er-web-app-kubeflow-notebook-ui-admin.yaml | 11 + ...ter-web-app-kubeflow-notebook-ui-edit.yaml | 22 + ...ter-web-app-kubeflow-notebook-ui-view.yaml | 28 + ...8s.io_v1_clusterrole_katib-controller.yaml | 92 + ...zation.k8s.io_v1_clusterrole_katib-ui.yaml | 23 + ...v1_clusterrole_kfserving-manager-role.yaml | 169 + ...o_v1_clusterrole_kfserving-proxy-role.yaml | 22 + ..._knative-serving-addressable-resolver.yaml | 22 + ..._v1_clusterrole_knative-serving-admin.yaml | 14 + ...o_v1_clusterrole_knative-serving-core.yaml | 128 + ..._v1_clusterrole_knative-serving-istio.yaml | 25 + ...role_knative-serving-namespaced-admin.yaml | 20 + ...rrole_knative-serving-namespaced-edit.yaml | 23 + ...rrole_knative-serving-namespaced-view.yaml | 22 + ...e_knative-serving-podspecable-binding.yaml | 20 + ....k8s.io_v1_clusterrole_kubeflow-admin.yaml | 9 + ...n.k8s.io_v1_clusterrole_kubeflow-edit.yaml | 11 + ...o_v1_clusterrole_kubeflow-katib-admin.yaml | 13 + ...io_v1_clusterrole_kubeflow-katib-edit.yaml | 25 + ...io_v1_clusterrole_kubeflow-katib-view.yaml | 19 + ..._clusterrole_kubeflow-kfserving-admin.yaml | 15 + ...1_clusterrole_kubeflow-kfserving-edit.yaml | 25 + ...1_clusterrole_kubeflow-kfserving-view.yaml | 19 + ...clusterrole_kubeflow-kubernetes-admin.yaml | 27 + ..._clusterrole_kubeflow-kubernetes-edit.yaml | 135 + ..._clusterrole_kubeflow-kubernetes-view.yaml | 125 + ...v1_clusterrole_kubeflow-mpijobs-admin.yaml | 14 + ..._v1_clusterrole_kubeflow-mpijobs-edit.yaml | 25 + ..._v1_clusterrole_kubeflow-mpijobs-view.yaml | 19 + ..._v1_clusterrole_kubeflow-mxjobs-admin.yaml | 14 + ...o_v1_clusterrole_kubeflow-mxjobs-edit.yaml | 25 + ...o_v1_clusterrole_kubeflow-mxjobs-view.yaml | 19 + ...-pipelines-cache-deployer-clusterrole.yaml | 37 + ...lusterrole_kubeflow-pytorchjobs-admin.yaml | 14 + ...clusterrole_kubeflow-pytorchjobs-edit.yaml | 26 + ...clusterrole_kubeflow-pytorchjobs-view.yaml | 20 + ..._v1_clusterrole_kubeflow-tfjobs-admin.yaml | 14 + ...o_v1_clusterrole_kubeflow-tfjobs-edit.yaml | 25 + ...o_v1_clusterrole_kubeflow-tfjobs-view.yaml | 19 + ...n.k8s.io_v1_clusterrole_kubeflow-view.yaml | 11 + ...on.k8s.io_v1_clusterrole_mpi-operator.yaml | 107 + ...k-controller-kubeflow-notebooks-admin.yaml | 15 + ...ok-controller-kubeflow-notebooks-edit.yaml | 26 + ...ok-controller-kubeflow-notebooks-view.yaml | 20 + ..._clusterrole_notebook-controller-role.yaml | 54 + ...clusterrole_spark-operatoroperator-cr.yaml | 76 + ...dmission-webhook-cluster-role-binding.yaml | 17 + ...1_clusterrolebinding_centraldashboard.yaml | 16 + ..._jupyter-web-app-cluster-role-binding.yaml | 17 + ...1_clusterrolebinding_katib-controller.yaml | 15 + ...k8s.io_v1_clusterrolebinding_katib-ui.yaml | 15 + ...binding_kfserving-manager-rolebinding.yaml | 17 + ...lebinding_kfserving-proxy-rolebinding.yaml | 17 + ...ding_knative-serving-controller-admin.yaml | 17 + ...nes-cache-deployer-clusterrolebinding.yaml | 15 + ...io_v1_clusterrolebinding_mpi-operator.yaml | 17 + ...ding_notebook-controller-role-binding.yaml | 17 + ...binding_profiles-cluster-role-binding.yaml | 14 + ...nding_spark-operatorsparkoperator-crb.yaml | 16 + ...ation.k8s.io_v1_role_centraldashboard.yaml | 29 + ...ubeflow-pipelines-cache-deployer-role.yaml | 20 + ...v1_role_kubeflow-pipelines-cache-role.yaml | 36 + ...beflow-pipelines-metadata-writer-role.yaml | 36 + ...n.k8s.io_v1_role_leader-election-role.yaml | 37 + ...ole_ml-pipeline-persistenceagent-role.yaml | 25 + ...le_ml-pipeline-scheduledworkflow-role.yaml | 41 + ...ization.k8s.io_v1_role_ml-pipeline-ui.yaml | 47 + ...le_ml-pipeline-viewer-controller-role.yaml | 34 + ...horization.k8s.io_v1_role_ml-pipeline.yaml | 41 + ...zation.k8s.io_v1_role_pipeline-runner.yaml | 84 + ...s.io_v1_role_spark-operatorspark-role.yaml | 23 + ...8s.io_v1_rolebinding_centraldashboard.yaml | 17 + ...ding_kubeflow-pipelines-cache-binding.yaml | 16 + ...-pipelines-cache-deployer-rolebinding.yaml | 16 + ...low-pipelines-metadata-writer-binding.yaml | 16 + ...lebinding_leader-election-rolebinding.yaml | 18 + ..._ml-pipeline-persistenceagent-binding.yaml | 16 + ...ml-pipeline-scheduledworkflow-binding.yaml | 16 + ....k8s.io_v1_rolebinding_ml-pipeline-ui.yaml | 17 + ...inding_ml-pipeline-viewer-crd-binding.yaml | 16 + ...ion.k8s.io_v1_rolebinding_ml-pipeline.yaml | 17 + ...1_rolebinding_pipeline-runner-binding.yaml | 16 + ...ding_spark-operatorspark-role-binding.yaml | 17 + ...on.k8s.io_v1beta1_clusterrole_argo-ui.yaml | 35 + ...ation.k8s.io_v1beta1_clusterrole_argo.yaml | 54 + ...io_v1beta1_clusterrole_mxnet-operator.yaml | 52 + ..._v1beta1_clusterrole_pytorch-operator.yaml | 33 + ....k8s.io_v1beta1_clusterrole_spartakus.yaml | 17 + ...o_v1beta1_clusterrole_tf-job-operator.yaml | 40 + ...io_v1beta1_clusterrolebinding_argo-ui.yaml | 17 + ...8s.io_v1beta1_clusterrolebinding_argo.yaml | 17 + ...ta1_clusterrolebinding_mxnet-operator.yaml | 17 + ...1_clusterrolebinding_pytorch-operator.yaml | 17 + ..._v1beta1_clusterrolebinding_spartakus.yaml | 17 + ...a1_clusterrolebinding_tf-job-operator.yaml | 17 + ...jupyter-web-app-jupyter-notebook-role.yaml | 41 + ...web-app-jupyter-notebook-role-binding.yaml | 17 + ...alpha1_servicerole_istio-service-role.yaml | 15 + ...olebinding_istio-service-role-binding.yaml | 15 + ...-webhook-admission-webhook-parameters.yaml | 14 + .../~g_v1_configmap_config-autoscaler.yaml | 149 + .../~g_v1_configmap_config-defaults.yaml | 81 + .../~g_v1_configmap_config-deployment.yaml | 30 + .../~g_v1_configmap_config-domain.yaml | 47 + .../expected/~g_v1_configmap_config-gc.yaml | 43 + .../~g_v1_configmap_config-istio.yaml | 59 + ...g_v1_configmap_config-leader-election.yaml | 57 + .../~g_v1_configmap_config-logging.yaml | 63 + .../~g_v1_configmap_config-network.yaml | 94 + .../~g_v1_configmap_config-observability.yaml | 27 + .../~g_v1_configmap_config-tracing.yaml | 45 + ...map_default-install-config-h877hbtmf7.yaml | 8 + ..._v1_configmap_inferenceservice-config.yaml | 90 + ...upyter-web-app-jupyter-web-app-config.yaml | 140 + ..._configmap_jupyter-web-app-parameters.yaml | 15 + .../~g_v1_configmap_katib-config.yaml | 66 + ..._configmap_kubeflow-config-bk4bc7m928.yaml | 11 + ...g_v1_configmap_metadata-db-parameters.yaml | 11 + ..._v1_configmap_metadata-grpc-configmap.yaml | 10 + ...g_v1_configmap_metadata-ui-parameters.yaml | 9 + ...v1_configmap_ml-pipeline-ui-configmap.yaml | 15 + .../~g_v1_configmap_mpi-operator-config.yaml | 12 + ...notebook-controller-config-h4d668t5tb.yaml | 13 + ...ap_pipeline-install-config-2829cc67f8.yaml | 15 + ...ne-upstream-install-config-d7hkh24mdg.yaml | 18 + ...p_profiles-profiles-config-4mgcmtgk6t.yaml | 10 + .../~g_v1_configmap_spartakus-config.yaml | 12 + .../~g_v1_configmap_trial-template.yaml | 77 + ...nfigmap_workflow-controller-configmap.yaml | 32 + ...figmap_workflow-controller-parameters.yaml | 23 + .../~g_v1_namespace_knative-serving.yaml | 9 + ..._v1_persistentvolumeclaim_katib-mysql.yaml | 14 + ..._persistentvolumeclaim_metadata-mysql.yaml | 13 + ...~g_v1_persistentvolumeclaim_minio-pvc.yaml | 14 + ..._persistentvolumeclaim_mysql-pv-claim.yaml | 15 + .../~g_v1_secret_istio-webhook-certs.yaml | 10 + .../~g_v1_secret_katib-controller.yaml | 8 + .../~g_v1_secret_katib-mysql-secrets.yaml | 11 + ...ecret_kfserving-webhook-server-secret.yaml | 10 + .../~g_v1_secret_metadata-db-secrets.yaml | 11 + ...g_v1_secret_mlpipeline-minio-artifact.yaml | 12 + .../~g_v1_secret_mysql-secret-fd5gktm75t.yaml | 12 + .../expected/~g_v1_secret_webhook-certs.yaml | 10 + .../~g_v1_service_activator-service.yaml | 31 + ..._v1_service_admission-webhook-service.yaml | 19 + .../expected/~g_v1_service_argo-ui.yaml | 21 + .../expected/~g_v1_service_autoscaler.yaml | 30 + .../expected/~g_v1_service_cache-server.yaml | 16 + .../~g_v1_service_centraldashboard.yaml | 29 + .../expected/~g_v1_service_controller.yaml | 24 + .../expected/~g_v1_service_istio-webhook.yaml | 27 + ...~g_v1_service_jupyter-web-app-service.yaml | 33 + .../~g_v1_service_katib-controller.yaml | 25 + .../~g_v1_service_katib-db-manager.yaml | 21 + .../expected/~g_v1_service_katib-mysql.yaml | 21 + .../expected/~g_v1_service_katib-ui.yaml | 22 + ...ng-controller-manager-metrics-service.yaml | 28 + ..._kfserving-controller-manager-service.yaml | 22 + ...vice_kfserving-webhook-server-service.yaml | 20 + .../expected/~g_v1_service_metadata-db.yaml | 17 + .../~g_v1_service_metadata-envoy-service.yaml | 17 + .../~g_v1_service_metadata-grpc-service.yaml | 17 + .../expected/~g_v1_service_minio-service.yaml | 18 + .../~g_v1_service_ml-pipeline-ui.yaml | 19 + ...rvice_ml-pipeline-visualizationserver.yaml | 18 + .../expected/~g_v1_service_ml-pipeline.yaml | 22 + .../expected/~g_v1_service_mysql.yaml | 18 + ...1_service_notebook-controller-service.yaml | 18 + .../expected/~g_v1_service_profiles-kfam.yaml | 12 + .../~g_v1_service_pytorch-operator.yaml | 25 + .../~g_v1_service_tf-job-operator.yaml | 25 + .../expected/~g_v1_service_webhook.yaml | 27 + ...unt_admission-webhook-service-account.yaml | 10 + .../~g_v1_serviceaccount_argo-ui.yaml | 9 + .../expected/~g_v1_serviceaccount_argo.yaml | 9 + ...~g_v1_serviceaccount_centraldashboard.yaml | 8 + .../~g_v1_serviceaccount_controller.yaml | 10 + ...count_jupyter-web-app-service-account.yaml | 10 + ...~g_v1_serviceaccount_katib-controller.yaml | 8 + .../~g_v1_serviceaccount_katib-ui.yaml | 8 + ..._kubeflow-pipelines-cache-deployer-sa.yaml | 8 + ...rviceaccount_kubeflow-pipelines-cache.yaml | 8 + ..._kubeflow-pipelines-container-builder.yaml | 8 + ...nt_kubeflow-pipelines-metadata-writer.yaml | 8 + ...viceaccount_kubeflow-pipelines-viewer.yaml | 8 + ...eaccount_ml-pipeline-persistenceagent.yaml | 8 + ...account_ml-pipeline-scheduledworkflow.yaml | 8 + .../~g_v1_serviceaccount_ml-pipeline-ui.yaml | 8 + ...l-pipeline-viewer-crd-service-account.yaml | 8 + ...count_ml-pipeline-visualizationserver.yaml | 8 + .../~g_v1_serviceaccount_ml-pipeline.yaml | 8 + .../~g_v1_serviceaccount_mpi-operator.yaml | 10 + .../~g_v1_serviceaccount_mxnet-operator.yaml | 10 + ...t_notebook-controller-service-account.yaml | 10 + .../~g_v1_serviceaccount_pipeline-runner.yaml | 8 + ...t_profiles-controller-service-account.yaml | 7 + ...~g_v1_serviceaccount_pytorch-operator.yaml | 10 + ...viceaccount_spark-operatoroperator-sa.yaml | 9 + ...v1_serviceaccount_spark-operatorspark.yaml | 9 + .../~g_v1_serviceaccount_spartakus.yaml | 10 + ...~g_v1_serviceaccount_tf-job-dashboard.yaml | 10 + .../~g_v1_serviceaccount_tf-job-operator.yaml | 10 + 560 files changed, 37794 insertions(+) create mode 100644 tests/stacks/azure/application/add-anonymous-user-filter-istio-1-6/kustomize_test.go create mode 100644 tests/stacks/azure/application/add-anonymous-user-filter-istio-1-6/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_add-user-filter.yaml create mode 100644 tests/stacks/azure/application/cert-manager-crds/kustomize_test.go create mode 100644 tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml create mode 100644 tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml create mode 100644 tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml create mode 100644 tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml create mode 100644 tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml create mode 100644 tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml create mode 100644 tests/stacks/azure/application/cert-manager-kube-system-resources/kustomize_test.go create mode 100644 tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml create mode 100644 tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml create mode 100644 tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml create mode 100644 tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml create mode 100644 tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml create mode 100644 tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml create mode 100644 tests/stacks/azure/application/cert-manager/kustomize_test.go create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml create mode 100644 tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/kustomize_test.go create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizationpolicies.rbac.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_daemonset_istio-nodeagent.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_prometheus.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/batch_v1_job_istio-security-post-install-release-1.3-latest-daily.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_attributes.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestcount.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestduration.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestsize.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_responsesize.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpbytereceived.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpbytesent.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpconnectionsclosed.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpconnectionsopened.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-sidecar-injector.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-nodeagent-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-nodeagent-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.istio.io_v1alpha1_servicerole_istio-ingressgateway.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.istio.io_v1alpha1_servicerolebinding_istio-ingressgateway.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-install-parameters-5kmkd2f29g.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_prometheus.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_namespace_istio-system.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-citadel.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-galley.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-pilot.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-policy.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_prometheus.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-nodeagent-service-account.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml create mode 100644 tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml create mode 100644 tests/stacks/azure/application/istio/kustomize_test.go create mode 100644 tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml create mode 100644 tests/stacks/azure/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/kustomize_test.go create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/kustomize_test.go create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml create mode 100644 tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml create mode 100644 tests/stacks/azure/application/oidc-authservice/kustomize_test.go create mode 100644 tests/stacks/azure/application/oidc-authservice/test_data/expected/app.k8s.io_v1beta1_application_oidc-authservice.yaml create mode 100644 tests/stacks/azure/application/oidc-authservice/test_data/expected/apps_v1_statefulset_authservice.yaml create mode 100644 tests/stacks/azure/application/oidc-authservice/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_authn-filter.yaml create mode 100644 tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml create mode 100644 tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_persistentvolumeclaim_authservice-pvc.yaml create mode 100644 tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_service_authservice.yaml create mode 100644 tests/stacks/azure/application/spark-operator/kustomize_test.go create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml create mode 100644 tests/stacks/azure/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml create mode 100644 tests/stacks/azure/application/spartakus/kustomize_test.go create mode 100644 tests/stacks/azure/application/spartakus/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml create mode 100644 tests/stacks/azure/application/spartakus/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml create mode 100644 tests/stacks/azure/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml create mode 100644 tests/stacks/azure/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml create mode 100644 tests/stacks/azure/application/spartakus/test_data/expected/~g_v1_configmap_spartakus-config.yaml create mode 100644 tests/stacks/azure/application/spartakus/test_data/expected/~g_v1_serviceaccount_spartakus.yaml create mode 100644 tests/stacks/azure/kustomize_test.go create mode 100644 tests/stacks/azure/metadata/kustomize_test.go create mode 100644 tests/stacks/azure/metadata/test_data/expected/default_apps_v1_deployment_deployment.yaml create mode 100644 tests/stacks/azure/metadata/test_data/expected/default_~g_v1_configmap_metadata-db-parameters-hc59m6d49g.yaml create mode 100644 tests/stacks/azure/metadata/test_data/expected/default_~g_v1_secret_metadata-db-secrets-c9d6622b8k.yaml create mode 100644 tests/stacks/azure/metadata/test_data/expected/kubeflow_apps_v1_deployment_metadata-envoy-deployment.yaml create mode 100644 tests/stacks/azure/metadata/test_data/expected/kubeflow_apps_v1_deployment_metadata-grpc-deployment.yaml create mode 100644 tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_configmap_metadata-grpc-configmap.yaml create mode 100644 tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_configmap_metadata-ui-parameters.yaml create mode 100644 tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_service_metadata-envoy-service.yaml create mode 100644 tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_service_metadata-grpc-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml create mode 100644 tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_inferenceservice.serving.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_webhook.istio.networking.internal.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_webhook.serving.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_config.webhook.istio.networking.internal.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_config.webhook.serving.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_inferenceservice.serving.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_validation.webhook.serving.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.networking.internal.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_configurations.serving.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_images.caching.internal.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_inferenceservices.serving.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_ingresses.networking.internal.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.autoscaling.internal.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_mpijobs.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_mxjobs.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_podautoscalers.autoscaling.internal.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_revisions.serving.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_routes.serving.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serverlessservices.networking.internal.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_services.serving.knative.dev.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml create mode 100644 tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_kfserving.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_knative-serving-crds.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_knative-serving-install.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mpi-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mxnet-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_activator.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_argo-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_autoscaler.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_cache-server.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_centraldashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_istio-webhook.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-db-manager.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-mysql.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-db.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-writer.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_minio.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_mpi-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_mxnet-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_mysql.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_networking-istio.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_profiles-deployment.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_pytorch-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_tf-job-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_webhook.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_deployment_workflow-controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/apps_v1_statefulset_kfserving-controller-manager.yaml create mode 100644 tests/stacks/azure/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_activator.yaml create mode 100644 tests/stacks/azure/test_data/expected/caching.internal.knative.dev_v1alpha1_image_queue-proxy.yaml create mode 100644 tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml create mode 100644 tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_certificate_serving-cert.yaml create mode 100644 tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_issuer_selfsigned-issuer.yaml create mode 100644 tests/stacks/azure/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml create mode 100644 tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_gateway_cluster-local-gateway.yaml create mode 100644 tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml create mode 100644 tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml create mode 100644 tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kfserving-manager-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kfserving-proxy-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-addressable-resolver.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-core.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-istio.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-podspecable-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_mpi-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kfserving-manager-rolebinding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kfserving-proxy-rolebinding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_knative-serving-controller-admin.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_mpi-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_leader-election-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_leader-election-rolebinding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_mxnet-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_mxnet-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.istio.io_v1alpha1_servicerole_istio-service-role.yaml create mode 100644 tests/stacks/azure/test_data/expected/rbac.istio.io_v1alpha1_servicerolebinding_istio-service-role-binding.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-autoscaler.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-defaults.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-deployment.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-domain.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-gc.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-istio.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-leader-election.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-logging.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-network.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-observability.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_config-tracing.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_inferenceservice-config.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_katib-config.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_kubeflow-config-bk4bc7m928.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_mpi-operator-config.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-d7hkh24mdg.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_spartakus-config.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_trial-template.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_namespace_knative-serving.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_secret_istio-webhook-certs.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_secret_katib-controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_secret_kfserving-webhook-server-secret.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_secret_webhook-certs.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_activator-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_admission-webhook-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_argo-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_autoscaler.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_cache-server.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_centraldashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_istio-webhook.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_katib-controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_katib-db-manager.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_katib-mysql.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_katib-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-controller-manager-metrics-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-controller-manager-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-webhook-server-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_metadata-db.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_metadata-envoy-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_metadata-grpc-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_minio-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_mysql.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_notebook-controller-service.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_profiles-kfam.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_pytorch-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_tf-job-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_service_webhook.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_argo.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_mpi-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_mxnet-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spartakus.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml create mode 100644 tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml diff --git a/tests/stacks/azure/application/add-anonymous-user-filter-istio-1-6/kustomize_test.go b/tests/stacks/azure/application/add-anonymous-user-filter-istio-1-6/kustomize_test.go new file mode 100644 index 0000000000..88052a4659 --- /dev/null +++ b/tests/stacks/azure/application/add-anonymous-user-filter-istio-1-6/kustomize_test.go @@ -0,0 +1,15 @@ +package add_anonymous_user_filter_istio_1_6 + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/add-anonymous-user-filter-istio-1-6", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/add-anonymous-user-filter-istio-1-6/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_add-user-filter.yaml b/tests/stacks/azure/application/add-anonymous-user-filter-istio-1-6/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_add-user-filter.yaml new file mode 100644 index 0000000000..807338f755 --- /dev/null +++ b/tests/stacks/azure/application/add-anonymous-user-filter-istio-1-6/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_add-user-filter.yaml @@ -0,0 +1,29 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: add-user-filter + namespace: istio-system +spec: + configPatches: + - applyTo: HTTP_FILTER + match: + context: GATEWAY + listener: + filterChain: + filter: + name: envoy.http_connection_manager + subFilter: + name: envoy.router + patch: + operation: INSERT_BEFORE + value: + name: envoy.lua + typed_config: + '@type': type.googleapis.com/envoy.config.filter.http.lua.v2.Lua + inlineCode: | + function envoy_on_request(request_handle) + request_handle:headers():add("kubeflow-userid","anonymous@kubeflow.org") + end + workloadSelector: + labels: + app: istio-ingressgateway diff --git a/tests/stacks/azure/application/cert-manager-crds/kustomize_test.go b/tests/stacks/azure/application/cert-manager-crds/kustomize_test.go new file mode 100644 index 0000000000..b56cc705ae --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-crds/kustomize_test.go @@ -0,0 +1,15 @@ +package cert_manager_crds + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/cert-manager-crds", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml new file mode 100644 index 0000000000..0b81ee91ef --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml @@ -0,0 +1,181 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: certificaterequests.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: cert-manager.io + names: + kind: CertificateRequest + listKind: CertificateRequestList + plural: certificaterequests + shortNames: + - cr + - crs + singular: certificaterequest + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: CertificateRequest is a type to represent a Certificate Signing + Request + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateRequestSpec defines the desired state of CertificateRequest + properties: + csr: + description: Byte slice containing the PEM encoded CertificateSigningRequest + format: byte + type: string + duration: + description: Requested certificate default Duration + type: string + isCA: + description: IsCA will mark the resulting certificate as valid for signing. + This implies that the 'cert sign' usage is set + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this CertificateRequest. If + the 'kind' field is not set, or set to 'Issuer', an Issuer resource + with the given name in the same namespace as the CertificateRequest + will be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer + with the provided name will be used. The 'name' field in this stanza + is required at all times. The group field refers to the API group + of the issuer which defaults to 'cert-manager.io' if empty. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + usages: + description: Usages is the set of x509 actions that are enabled for + a given key. Defaults are ('digital signature', 'key encipherment') + if empty + items: + description: 'KeyUsage specifies valid usage contexts for keys. See: + https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12' + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - issuerRef + type: object + status: + description: CertificateStatus defines the observed state of CertificateRequest + and resulting signed certificate. + properties: + ca: + description: Byte slice containing the PEM encoded certificate authority + of the signed certificate. + format: byte + type: string + certificate: + description: Byte slice containing a PEM encoded signed certificate + resulting from the given certificate signing request. + format: byte + type: string + conditions: + items: + description: CertificateRequestCondition contains condition information + for a CertificateRequest. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + failureTime: + description: FailureTime stores the time that this CertificateRequest + failed. This is used to influence garbage collection and back-off. + format: date-time + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml new file mode 100644 index 0000000000..6a46d9446b --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml @@ -0,0 +1,235 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: certificates.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.secretName + name: Secret + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: cert-manager.io + names: + kind: Certificate + listKind: CertificateList + plural: certificates + shortNames: + - cert + - certs + singular: certificate + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Certificate is a type to represent a Certificate from ACME + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateSpec defines the desired state of Certificate. A + valid Certificate requires at least one of a CommonName, DNSName, or URISAN + to be valid. + properties: + commonName: + description: CommonName is a common name to be used on the Certificate. + The CommonName should have a length of 64 characters or fewer to avoid + generating invalid CSRs. + type: string + dnsNames: + description: DNSNames is a list of subject alt names to be used on the + Certificate. + items: + type: string + type: array + duration: + description: Certificate default Duration + type: string + ipAddresses: + description: IPAddresses is a list of IP addresses to be used on the + Certificate + items: + type: string + type: array + isCA: + description: IsCA will mark this Certificate as valid for signing. This + implies that the 'cert sign' usage is set + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this certificate. + If the 'kind' field is not set, or set to 'Issuer', an Issuer resource + with the given name in the same namespace as the Certificate will + be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer + with the provided name will be used. The 'name' field in this stanza + is required at all times. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + keyAlgorithm: + description: KeyAlgorithm is the private key algorithm of the corresponding + private key for this certificate. If provided, allowed values are + either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize is + not provided, key size of 256 will be used for "ecdsa" key algorithm + and key size of 2048 will be used for "rsa" key algorithm. + enum: + - rsa + - ecdsa + type: string + keyEncoding: + description: KeyEncoding is the private key cryptography standards (PKCS) + for this certificate's private key to be encoded in. If provided, + allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8, + respectively. If KeyEncoding is not specified, then PKCS#1 will be + used by default. + enum: + - pkcs1 + - pkcs8 + type: string + keySize: + description: KeySize is the key bit size of the corresponding private + key for this certificate. If provided, value must be between 2048 + and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa", + and value must be one of (256, 384, 521) when KeyAlgorithm is set + to "ecdsa". + type: integer + organization: + description: Organization is the organization to be used on the Certificate + items: + type: string + type: array + renewBefore: + description: Certificate renew before expiration duration + type: string + secretName: + description: SecretName is the name of the secret resource to store + this secret in + type: string + uriSANs: + description: URISANs is a list of URI Subject Alternative Names to be + set on this Certificate. + items: + type: string + type: array + usages: + description: Usages is the set of x509 actions that are enabled for + a given key. Defaults are ('digital signature', 'key encipherment') + if empty + items: + description: 'KeyUsage specifies valid usage contexts for keys. See: + https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12' + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - issuerRef + - secretName + type: object + status: + description: CertificateStatus defines the observed state of Certificate + properties: + conditions: + items: + description: CertificateCondition contains condition information for + an Certificate. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + lastFailureTime: + format: date-time + type: string + notAfter: + description: The expiration time of the certificate stored in the secret + named by this resource in spec.secretName. + format: date-time + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml new file mode 100644 index 0000000000..32c452b7c2 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml @@ -0,0 +1,1369 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: challenges.acme.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.dnsName + name: Domain + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: acme.cert-manager.io + names: + kind: Challenge + listKind: ChallengeList + plural: challenges + singular: challenge + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Challenge is a type to represent a Challenge request with an ACME + server + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authzURL: + description: AuthzURL is the URL to the ACME Authorization resource + that this challenge is a part of. + type: string + dnsName: + description: DNSName is the identifier that this challenge is for, e.g. + example.com. + type: string + issuerRef: + description: IssuerRef references a properly configured ACME-type Issuer + which should be used to create this Challenge. If the Issuer does + not exist, processing will be retried. If the Issuer is not an 'ACME' + Issuer, an error will be returned and the Challenge will be marked + as failed. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + key: + description: Key is the ACME challenge key for this challenge + type: string + solver: + description: Solver contains the domain solving configuration that should + be used to solve this challenge resource. Only **one** of 'config' + or 'solver' may be specified, and if both are specified then no action + will be performed on the Challenge resource. + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure containing + the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure containing + the DNS configuration for Akamai DNS—Zone Record Management + API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - project + - serviceAccountSecretRef + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - apiKeySecretRef + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a structure + containing the DNS configuration for DigitalOcean Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure containing + the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting RFC2136. + Required. Note: FQDN is not a valid value, only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the DNS supporting + RFC2136. Used only when ""tsigSecretSecretRef"" and ""tsigKeyName"" + are defined. Supported values are (case-insensitive): + ""HMACMD5"" (default), ""HMACSHA1"", ""HMACSHA256"" or + ""HMACSHA512"".' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. If + ""tsigSecretSecretRef"" is defined, this field is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the TSIG + value. If ""tsigKeyName"" is defined, this field is required. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure containing + the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared credentials + file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only this + zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName + api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 provider + will assume using either the explicit credentials AccessKeyID/SecretAccessKey + or the inferred credentials from environment variables, + shared credentials file or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared credentials + file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies configuration + for a webhook DNS01 provider, including where to POST ChallengePayload + resources. + properties: + config: + description: Additional configuration that should be passed + to the webhook apiserver when challenges are processed. + This can contain arbitrary JSON data. Secret values should + not be specified in this stanza. If secret values are + needed (e.g. credentials for a DNS service), you should + use a SecretKeySelector to reference a Secret resource. + For details on the schema of this field, consult the webhook + provider implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used when + POSTing ChallengePayload resources to the webhook apiserver. + This should be the same as the GroupName specified in + the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined in + the webhook provider implementation. This will typically + be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration detailing + how to solve HTTP01 challenges within a Kubernetes cluster. Typically + this is accomplished through creating 'routes' of some description + that configure ingress controllers to direct traffic to 'solver + pods', which are responsible for responding to the ACME server's + HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver will + solve challenges by creating or modifying Ingress resources + in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating Ingress + resources to solve ACME challenges that use this challenge + solver. Only one of 'class' or 'name' may be specified. + type: string + name: + description: The name of the ingress resource that should + have ACME challenge solving routes inserted into it in + order to solve HTTP01 challenges. This is typically used + in conjunction with ingress controllers like ingress-gce, + which maintains a 1:1 mapping between external IPs and + ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure the + ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod used to + solve HTTP01 challenges. Only the 'labels' and 'annotations' + fields may be set. If labels or annotations overlap + with in-built values, the values here will override + the in-built values. + type: object + spec: + description: PodSpec defines overrides for the HTTP01 + challenge solver pod. Only the 'nodeSelector', 'affinity' + and 'tolerations' fields are supported currently. + All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no + objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to an update), the system may or may + not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches + the corresponding podAffinityTerm; the + node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by + this field, but it may choose a node that + violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of the + scheduling requirements (resource request, + requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and + adding "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector + which must match a node''s labels for the pod + to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means to + match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists + and Equal. Defaults to Equal. Exists is + equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By + default, it is not set, which means tolerate + the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator is + Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes solver + service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be used + to solve. If specified and a match is found, a dnsNames selector + will take precedence over a dnsZones selector. If multiple + solvers match with the same dnsNames value, the solver with + the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in + the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be used + to solve. The most specific DNS zone match specified here + will take precedence over other DNS zone matches, so a solver + specifying sys.example.com will be selected over one specifying + example.com for the domain www.sys.example.com. If multiple + solvers match with the same dnsZones value, the solver with + the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in + the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the set + of certificate's that this challenge solver will apply to. + type: object + type: object + type: object + token: + description: Token is the ACME challenge token for this challenge. + type: string + type: + description: Type is the type of ACME challenge this resource represents, + e.g. "dns01" or "http01" + type: string + url: + description: URL is the URL of the ACME Challenge resource for this + challenge. This can be used to lookup details about the status of + this challenge. + type: string + wildcard: + description: Wildcard will be true if this challenge is for a wildcard + identifier, for example '*.example.com' + type: boolean + required: + - authzURL + - dnsName + - issuerRef + - key + - token + - type + - url + type: object + status: + properties: + presented: + description: Presented will be set to true if the challenge values for + this challenge are currently 'presented'. This *does not* imply the + self check is passing. Only that the values have been 'submitted' + for the appropriate challenge mechanism (i.e. the DNS01 TXT record + has been presented, or the HTTP01 configuration has been configured). + type: boolean + processing: + description: Processing is used to denote whether this challenge should + be processed or not. This field will only be set to true by the 'scheduling' + component. It will only be set to false by the 'challenges' controller, + after the challenge has reached a final state or timed out. If this + field is set to false, the challenge controller will not take any + more action. + type: boolean + reason: + description: Reason contains human readable information on why the Challenge + is in the current state. + type: string + state: + description: State contains the current 'state' of the challenge. If + not set, the state of the challenge is unknown. + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + type: object + required: + - metadata + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml new file mode 100644 index 0000000000..7691a8e2fd --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml @@ -0,0 +1,1655 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterissuers.cert-manager.io +spec: + group: cert-manager.io + names: + kind: ClusterIssuer + listKind: ClusterIssuerList + plural: clusterissuers + singular: clusterissuer + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IssuerSpec is the specification of an Issuer. This includes + any configuration required for the issuer. + properties: + acme: + description: ACMEIssuer contains the specification for an ACME issuer + properties: + email: + description: Email is the email for this account + type: string + privateKeySecretRef: + description: PrivateKey is the name of a secret containing the private + key for this user account. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + server: + description: Server is the ACME server URL + type: string + skipTLSVerify: + description: If true, skip verifying the ACME server TLS certificate + type: boolean + solvers: + description: Solvers is a list of challenge solvers that will be + used to solve ACME challenges for the matching domains. + items: + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure + containing the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure + containing the DNS configuration for Akamai DNS—Zone + Record Management API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - project + - serviceAccountSecretRef + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - apiKeySecretRef + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a + structure containing the DNS configuration for DigitalOcean + Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure + containing the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting + RFC2136. Required. Note: FQDN is not a valid value, + only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the + DNS supporting RFC2136. Used only when ""tsigSecretSecretRef"" + and ""tsigKeyName"" are defined. Supported values + are (case-insensitive): ""HMACMD5"" (default), ""HMACSHA1"", + ""HMACSHA256"" or ""HMACSHA512"".' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. + If ""tsigSecretSecretRef"" is defined, this field + is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the + TSIG value. If ""tsigKeyName"" is defined, this + field is required. + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure + containing the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only + this zone in Route53 and will not do an lookup using + the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 + provider will assume using either the explicit credentials + AccessKeyID/SecretAccessKey or the inferred credentials + from environment variables, shared credentials file + or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies + configuration for a webhook DNS01 provider, including + where to POST ChallengePayload resources. + properties: + config: + description: Additional configuration that should + be passed to the webhook apiserver when challenges + are processed. This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for + a DNS service), you should use a SecretKeySelector + to reference a Secret resource. For details on the + schema of this field, consult the webhook provider + implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used + when POSTing ChallengePayload resources to the webhook + apiserver. This should be the same as the GroupName + specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined + in the webhook provider implementation. This will + typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration + detailing how to solve HTTP01 challenges within a Kubernetes + cluster. Typically this is accomplished through creating + 'routes' of some description that configure ingress controllers + to direct traffic to 'solver pods', which are responsible + for responding to the ACME server's HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver + will solve challenges by creating or modifying Ingress + resources in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating + Ingress resources to solve ACME challenges that + use this challenge solver. Only one of 'class' or + 'name' may be specified. + type: string + name: + description: The name of the ingress resource that + should have ACME challenge solving routes inserted + into it in order to solve HTTP01 challenges. This + is typically used in conjunction with ingress controllers + like ingress-gce, which maintains a 1:1 mapping + between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure + the ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod + used to solve HTTP01 challenges. Only the 'labels' + and 'annotations' fields may be set. If labels + or annotations overlap with in-built values, + the values here will override the in-built values. + type: object + spec: + description: PodSpec defines overrides for the + HTTP01 challenge solver pod. Only the 'nodeSelector', + 'affinity' and 'tolerations' fields are supported + currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; + the node(s) with the highest sum + are the most preferred. + items: + description: An empty preferred + scheduling term matches all objects + with implicit weight 0 (i.e. it's + a no-op). A null preferred scheduling + term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector + term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to an update), the system + may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list + of node selector terms. The + terms are ORed. + items: + description: A null or empty + node selector term matches + no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods + which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to a pod label update), + the system may or may not try to + eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity + requirements specified by this field + are not met at scheduling time, + the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to + be met at some point during pod + execution (e.g. due to a pod label + update), the system may or may not + try to eventually evict the pod + from its node. When there are multiple + elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is + attached to tolerates any taint that matches + the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match + all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration + (which must be of effect NoExecute, + otherwise this field is ignored) tolerates + the taint. By default, it is not set, + which means tolerate the taint forever + (do not evict). Zero and negative + values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the + operator is Exists, the value should + be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes + solver service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be + used to solve. If specified and a match is found, a + dnsNames selector will take precedence over a dnsZones + selector. If multiple solvers match with the same dnsNames + value, the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be + used to solve. The most specific DNS zone match specified + here will take precedence over other DNS zone matches, + so a solver specifying sys.example.com will be selected + over one specifying example.com for the domain www.sys.example.com. + If multiple solvers match with the same dnsZones value, + the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the + set of certificate's that this challenge solver will + apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + properties: + secretName: + description: SecretName is the name of the secret used to sign Certificates + issued by this Issuer. + type: string + required: + - secretName + type: object + selfSigned: + type: object + vault: + properties: + auth: + description: Vault authentication + properties: + appRole: + description: This Secret contains a AppRole and Secret + properties: + path: + description: Where the authentication path is mounted in + Vault. + type: string + roleId: + type: string + secretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: This contains a Role and Secret with a ServiceAccount + token to authenticate with vault. + properties: + mountPath: + description: The value here will be used as part of the + path used when authenticating with vault, for example + if you set a value of "foo", the path used will be "/v1/auth/foo/login". + If unspecified, the default value "kubernetes" will be + used. + type: string + role: + description: A required field containing the Vault Role + to assume. A Role binds a Kubernetes ServiceAccount with + a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes + ServiceAccount JWT used for authenticating with Vault. + Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: This Secret contains the Vault token key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + type: object + caBundle: + description: Base64 encoded CA bundle to validate Vault server certificate. + Only used if the Server URL is using HTTPS protocol. This parameter + is ignored for plain HTTP protocol connection. If not set the + system root certificates are used to validate the TLS connection. + format: byte + type: string + path: + description: Vault URL path to the certificate role + type: string + server: + description: Server is the vault connection address + type: string + required: + - auth + - path + - server + type: object + venafi: + description: VenafiIssuer describes issuer configuration details for + Venafi Cloud. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for + the Venafi Cloud API token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud + type: string + required: + - apiTokenSecretRef + - url + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration + settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certifiate to use + to verify connections to the TPP instance. If specified, system + roots will not be used and the issuing CA for the TPP instance + must be verifiable using the provided root. If not specified, + the connection will be verified using the cert-manager system + root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing + the username and password for the TPP server. The secret must + contain two keys, 'username' and 'password'. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for the Venafi TPP instance + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by + the named zone policy. This field is required. + type: string + required: + - zone + type: object + type: object + status: + description: IssuerStatus contains status information about an Issuer + properties: + acme: + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the + latest registered ACME account, in order to track changes made + to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also + be used to retrieve account details from the CA + type: string + type: object + conditions: + items: + description: IssuerCondition contains condition information for an + Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml new file mode 100644 index 0000000000..d529bff171 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml @@ -0,0 +1,1655 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: issuers.cert-manager.io +spec: + group: cert-manager.io + names: + kind: Issuer + listKind: IssuerList + plural: issuers + singular: issuer + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IssuerSpec is the specification of an Issuer. This includes + any configuration required for the issuer. + properties: + acme: + description: ACMEIssuer contains the specification for an ACME issuer + properties: + email: + description: Email is the email for this account + type: string + privateKeySecretRef: + description: PrivateKey is the name of a secret containing the private + key for this user account. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + server: + description: Server is the ACME server URL + type: string + skipTLSVerify: + description: If true, skip verifying the ACME server TLS certificate + type: boolean + solvers: + description: Solvers is a list of challenge solvers that will be + used to solve ACME challenges for the matching domains. + items: + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure + containing the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure + containing the DNS configuration for Akamai DNS—Zone + Record Management API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - project + - serviceAccountSecretRef + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - apiKeySecretRef + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a + structure containing the DNS configuration for DigitalOcean + Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure + containing the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting + RFC2136. Required. Note: FQDN is not a valid value, + only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the + DNS supporting RFC2136. Used only when ""tsigSecretSecretRef"" + and ""tsigKeyName"" are defined. Supported values + are (case-insensitive): ""HMACMD5"" (default), ""HMACSHA1"", + ""HMACSHA256"" or ""HMACSHA512"".' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. + If ""tsigSecretSecretRef"" is defined, this field + is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the + TSIG value. If ""tsigKeyName"" is defined, this + field is required. + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure + containing the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only + this zone in Route53 and will not do an lookup using + the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 + provider will assume using either the explicit credentials + AccessKeyID/SecretAccessKey or the inferred credentials + from environment variables, shared credentials file + or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies + configuration for a webhook DNS01 provider, including + where to POST ChallengePayload resources. + properties: + config: + description: Additional configuration that should + be passed to the webhook apiserver when challenges + are processed. This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for + a DNS service), you should use a SecretKeySelector + to reference a Secret resource. For details on the + schema of this field, consult the webhook provider + implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used + when POSTing ChallengePayload resources to the webhook + apiserver. This should be the same as the GroupName + specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined + in the webhook provider implementation. This will + typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration + detailing how to solve HTTP01 challenges within a Kubernetes + cluster. Typically this is accomplished through creating + 'routes' of some description that configure ingress controllers + to direct traffic to 'solver pods', which are responsible + for responding to the ACME server's HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver + will solve challenges by creating or modifying Ingress + resources in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating + Ingress resources to solve ACME challenges that + use this challenge solver. Only one of 'class' or + 'name' may be specified. + type: string + name: + description: The name of the ingress resource that + should have ACME challenge solving routes inserted + into it in order to solve HTTP01 challenges. This + is typically used in conjunction with ingress controllers + like ingress-gce, which maintains a 1:1 mapping + between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure + the ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod + used to solve HTTP01 challenges. Only the 'labels' + and 'annotations' fields may be set. If labels + or annotations overlap with in-built values, + the values here will override the in-built values. + type: object + spec: + description: PodSpec defines overrides for the + HTTP01 challenge solver pod. Only the 'nodeSelector', + 'affinity' and 'tolerations' fields are supported + currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; + the node(s) with the highest sum + are the most preferred. + items: + description: An empty preferred + scheduling term matches all objects + with implicit weight 0 (i.e. it's + a no-op). A null preferred scheduling + term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector + term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to an update), the system + may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list + of node selector terms. The + terms are ORed. + items: + description: A null or empty + node selector term matches + no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods + which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to a pod label update), + the system may or may not try to + eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity + requirements specified by this field + are not met at scheduling time, + the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to + be met at some point during pod + execution (e.g. due to a pod label + update), the system may or may not + try to eventually evict the pod + from its node. When there are multiple + elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is + attached to tolerates any taint that matches + the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match + all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration + (which must be of effect NoExecute, + otherwise this field is ignored) tolerates + the taint. By default, it is not set, + which means tolerate the taint forever + (do not evict). Zero and negative + values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the + operator is Exists, the value should + be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes + solver service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be + used to solve. If specified and a match is found, a + dnsNames selector will take precedence over a dnsZones + selector. If multiple solvers match with the same dnsNames + value, the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be + used to solve. The most specific DNS zone match specified + here will take precedence over other DNS zone matches, + so a solver specifying sys.example.com will be selected + over one specifying example.com for the domain www.sys.example.com. + If multiple solvers match with the same dnsZones value, + the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the + set of certificate's that this challenge solver will + apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + properties: + secretName: + description: SecretName is the name of the secret used to sign Certificates + issued by this Issuer. + type: string + required: + - secretName + type: object + selfSigned: + type: object + vault: + properties: + auth: + description: Vault authentication + properties: + appRole: + description: This Secret contains a AppRole and Secret + properties: + path: + description: Where the authentication path is mounted in + Vault. + type: string + roleId: + type: string + secretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: This contains a Role and Secret with a ServiceAccount + token to authenticate with vault. + properties: + mountPath: + description: The value here will be used as part of the + path used when authenticating with vault, for example + if you set a value of "foo", the path used will be "/v1/auth/foo/login". + If unspecified, the default value "kubernetes" will be + used. + type: string + role: + description: A required field containing the Vault Role + to assume. A Role binds a Kubernetes ServiceAccount with + a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes + ServiceAccount JWT used for authenticating with Vault. + Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: This Secret contains the Vault token key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + type: object + caBundle: + description: Base64 encoded CA bundle to validate Vault server certificate. + Only used if the Server URL is using HTTPS protocol. This parameter + is ignored for plain HTTP protocol connection. If not set the + system root certificates are used to validate the TLS connection. + format: byte + type: string + path: + description: Vault URL path to the certificate role + type: string + server: + description: Server is the vault connection address + type: string + required: + - auth + - path + - server + type: object + venafi: + description: VenafiIssuer describes issuer configuration details for + Venafi Cloud. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for + the Venafi Cloud API token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud + type: string + required: + - apiTokenSecretRef + - url + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration + settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certifiate to use + to verify connections to the TPP instance. If specified, system + roots will not be used and the issuing CA for the TPP instance + must be verifiable using the provided root. If not specified, + the connection will be verified using the cert-manager system + root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing + the username and password for the TPP server. The secret must + contain two keys, 'username' and 'password'. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for the Venafi TPP instance + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by + the named zone policy. This field is required. + type: string + required: + - zone + type: object + type: object + status: + description: IssuerStatus contains status information about an Issuer + properties: + acme: + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the + latest registered ACME account, in order to track changes made + to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also + be used to retrieve account details from the CA + type: string + type: object + conditions: + items: + description: IssuerCondition contains condition information for an + Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml new file mode 100644 index 0000000000..12b262c51e --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml @@ -0,0 +1,200 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: orders.acme.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: acme.cert-manager.io + names: + kind: Order + listKind: OrderList + plural: orders + singular: order + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Order is a type to represent an Order with an ACME server + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + commonName: + description: CommonName is the common name as specified on the DER encoded + CSR. If CommonName is not specified, the first DNSName specified will + be used as the CommonName. At least one of CommonName or a DNSNames + must be set. This field must match the corresponding field on the + DER encoded CSR. + type: string + csr: + description: Certificate signing request bytes in DER encoding. This + will be used when finalizing the order. This field must be set on + the order. + format: byte + type: string + dnsNames: + description: DNSNames is a list of DNS names that should be included + as part of the Order validation process. If CommonName is not specified, + the first DNSName specified will be used as the CommonName. At least + one of CommonName or a DNSNames must be set. This field must match + the corresponding field on the DER encoded CSR. + items: + type: string + type: array + issuerRef: + description: IssuerRef references a properly configured ACME-type Issuer + which should be used to create this Order. If the Issuer does not + exist, processing will be retried. If the Issuer is not an 'ACME' + Issuer, an error will be returned and the Order will be marked as + failed. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + required: + - csr + - issuerRef + type: object + status: + properties: + authorizations: + description: Authorizations contains data returned from the ACME server + on what authoriations must be completed in order to validate the DNS + names specified on the Order. + items: + description: ACMEAuthorization contains data returned from the ACME + server on an authorization that must be completed in order validate + a DNS name on an ACME Order resource. + properties: + challenges: + description: Challenges specifies the challenge types offered + by the ACME server. One of these challenge types will be selected + when validating the DNS name and an appropriate Challenge resource + will be created to perform the ACME challenge process. + items: + description: Challenge specifies a challenge offered by the + ACME server for an Order. An appropriate Challenge resource + can be created to perform the ACME challenge process. + properties: + token: + description: Token is the token that must be presented for + this challenge. This is used to compute the 'key' that + must also be presented. + type: string + type: + description: Type is the type of challenge being offered, + e.g. http-01, dns-01 + type: string + url: + description: URL is the URL of this challenge. It can be + used to retrieve additional metadata about the Challenge + from the ACME server. + type: string + required: + - token + - type + - url + type: object + type: array + identifier: + description: Identifier is the DNS name to be validated as part + of this authorization + type: string + url: + description: URL is the URL of the Authorization that must be + completed + type: string + wildcard: + description: Wildcard will be true if this authorization is for + a wildcard DNS name. If this is true, the identifier will be + the *non-wildcard* version of the DNS name. For example, if + '*.example.com' is the DNS name being validated, this field + will be 'true' and the 'identifier' field will be 'example.com'. + type: boolean + required: + - url + type: object + type: array + certificate: + description: Certificate is a copy of the PEM encoded certificate for + this Order. This field will be populated after the order has been + successfully finalized with the ACME server, and the order has transitioned + to the 'valid' state. + format: byte + type: string + failureTime: + description: FailureTime stores the time that this order failed. This + is used to influence garbage collection and back-off. + format: date-time + type: string + finalizeURL: + description: FinalizeURL of the Order. This is used to obtain certificates + for this order once it has been completed. + type: string + reason: + description: Reason optionally provides more information about a why + the order is in the current state. + type: string + state: + description: State contains the current state of this Order resource. + States 'success' and 'expired' are 'final' + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + url: + description: URL of the Order. This will initially be empty when the + resource is first created. The Order controller will populate this + field when the Order is first processed. This field will be immutable + after it is initially set. + type: string + type: object + required: + - metadata + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/cert-manager-kube-system-resources/kustomize_test.go b/tests/stacks/azure/application/cert-manager-kube-system-resources/kustomize_test.go new file mode 100644 index 0000000000..f72dbf419f --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-kube-system-resources/kustomize_test.go @@ -0,0 +1,15 @@ +package cert_manager_kube_system_resources + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/cert-manager-kube-system-resources", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml new file mode 100644 index 0000000000..c37a3b7497 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: cainjector + kustomize.component: cert-manager + name: cert-manager-cainjector:leaderelection + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - create + - update + - patch diff --git a/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml new file mode 100644 index 0000000000..542fbcbd59 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: cert-manager + kustomize.component: cert-manager + name: cert-manager:leaderelection + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - create + - update + - patch diff --git a/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml new file mode 100644 index 0000000000..a47a2fe74f --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: cainjector + kustomize.component: cert-manager + name: cert-manager-cainjector:leaderelection + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager-cainjector:leaderelection +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-cainjector + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml new file mode 100644 index 0000000000..f7ec38a254 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: webhook + kustomize.component: cert-manager + name: cert-manager-webhook:webhook-authentication-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml new file mode 100644 index 0000000000..25a7fde904 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: cert-manager + kustomize.component: cert-manager + name: cert-manager:leaderelection + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager:leaderelection +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml new file mode 100644 index 0000000000..d8e47f2a94 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + certManagerNamespace: cert-manager +kind: ConfigMap +metadata: + labels: + kustomize.component: cert-manager + name: cert-manager-kube-params-parameters + namespace: kube-system diff --git a/tests/stacks/azure/application/cert-manager/kustomize_test.go b/tests/stacks/azure/application/cert-manager/kustomize_test.go new file mode 100644 index 0000000000..6b9c9bba3d --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/kustomize_test.go @@ -0,0 +1,15 @@ +package cert_manager + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/cert-manager", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml new file mode 100644 index 0000000000..93e06c4304 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml @@ -0,0 +1,35 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-apiserver-ca: "true" + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook +webhooks: +- clientConfig: + caBundle: "" + service: + name: kubernetes + namespace: default + path: /apis/webhook.cert-manager.io/v1beta1/mutations + failurePolicy: Fail + name: webhook.cert-manager.io + rules: + - apiGroups: + - cert-manager.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - certificates + - issuers + - clusterissuers + - orders + - challenges + - certificaterequests diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml new file mode 100644 index 0000000000..36a2524012 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml @@ -0,0 +1,34 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-apiserver-ca: "true" + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook +webhooks: +- clientConfig: + caBundle: "" + service: + name: kubernetes + namespace: default + path: /apis/webhook.cert-manager.io/v1beta1/validations + failurePolicy: Fail + name: webhook.certmanager.k8s.io + rules: + - apiGroups: + - cert-manager.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - certificates + - issuers + - clusterissuers + - certificaterequests + sideEffects: None diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml new file mode 100644 index 0000000000..21cdee5406 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: v1beta1.webhook.cert-manager.io +spec: + group: webhook.cert-manager.io + groupPriorityMinimum: 1000 + service: + name: cert-manager-webhook + namespace: cert-manager + version: v1beta1 + versionPriority: 15 diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml new file mode 100644 index 0000000000..09a9cfab99 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml @@ -0,0 +1,41 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager +spec: + addOwnerRef: true + componentKinds: + - group: rbac + kind: ClusterRole + - group: rbac + kind: ClusterRoleBinding + - group: core + kind: Namespace + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: Automatically provision and manage TLS certificates in Kubernetes + https://jetstack.io. + keywords: + - cert-manager + links: + - description: About + url: https://github.com/jetstack/cert-manager + type: "" + version: v0.10.0 + selector: + matchLabels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: cert-manager + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml new file mode 100644 index 0000000000..6ae84bc8c0 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + template: + metadata: + annotations: null + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + spec: + containers: + - args: + - --v=2 + - --leader-election-namespace=kube-system + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-cainjector:v0.11.0 + imagePullPolicy: IfNotPresent + name: cainjector + resources: {} + serviceAccountName: cert-manager-cainjector diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml new file mode 100644 index 0000000000..33ab9729d5 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + template: + metadata: + annotations: null + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + spec: + containers: + - args: + - --v=2 + - --secure-port=6443 + - --tls-cert-file=/certs/tls.crt + - --tls-private-key-file=/certs/tls.key + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-webhook:v0.11.0 + imagePullPolicy: IfNotPresent + name: cert-manager + resources: {} + volumeMounts: + - mountPath: /certs + name: certs + serviceAccountName: cert-manager-webhook + volumes: + - name: certs + secret: + secretName: cert-manager-webhook-tls diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml new file mode 100644 index 0000000000..8a116d7b30 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "9402" + prometheus.io/scrape: "true" + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + spec: + containers: + - args: + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --webhook-namespace=$(POD_NAMESPACE) + - --webhook-ca-secret=cert-manager-webhook-ca + - --webhook-serving-secret=cert-manager-webhook-tls + - --webhook-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-controller:v0.11.0 + imagePullPolicy: IfNotPresent + name: cert-manager + ports: + - containerPort: 9402 + resources: + requests: + cpu: 10m + memory: 32Mi + serviceAccountName: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml new file mode 100644 index 0000000000..2a25e06d49 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml @@ -0,0 +1,11 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: kubeflow-self-signing-issuer + namespace: cert-manager +spec: + selfSigned: {} diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml new file mode 100644 index 0000000000..6ce5b8e0cc --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cert-manager-edit +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml new file mode 100644 index 0000000000..f62a08529b --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cert-manager-view +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml new file mode 100644 index 0000000000..b0d464bfd5 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook:webhook-requester +rules: +- apiGroups: + - admission.cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + - clusterissuers + verbs: + - create diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml new file mode 100644 index 0000000000..ce897a6a3b --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - get + - create + - update + - patch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - update diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml new file mode 100644 index 0000000000..ad80b32de5 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml @@ -0,0 +1,64 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-certificates +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificates/status + - certificaterequests + - certificaterequests/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - clusterissuers + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates/finalizers + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml new file mode 100644 index 0000000000..fb0a1201cf --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml @@ -0,0 +1,86 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-challenges +rules: +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - get + - list + - watch +- apiGroups: + - cert-manager.io + resources: + - issuers + - clusterissuers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - extensions + - networking.k8s.io/v1 + resources: + - ingresses + verbs: + - get + - list + - watch + - create + - delete + - update +- apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml new file mode 100644 index 0000000000..bea275aa9c --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-clusterissuers +rules: +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml new file mode 100644 index 0000000000..a276b13742 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml @@ -0,0 +1,51 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-ingress-shim +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + verbs: + - create + - update + - delete +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + - clusterissuers + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io/v1 + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io/v1 + resources: + - ingresses/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml new file mode 100644 index 0000000000..13b98eeaae --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-issuers +rules: +- apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml new file mode 100644 index 0000000000..d5f2de3e1b --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-orders +rules: +- apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - orders + - challenges + verbs: + - get + - list + - watch +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete +- apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml new file mode 100644 index 0000000000..bd1d73f13b --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-cainjector +subjects: +- kind: ServiceAccount + name: cert-manager-cainjector + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml new file mode 100644 index 0000000000..80792a8f24 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-certificates +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-certificates +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml new file mode 100644 index 0000000000..7ee5331ba6 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-challenges +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-challenges +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml new file mode 100644 index 0000000000..bbc5ee440a --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-clusterissuers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-clusterissuers +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml new file mode 100644 index 0000000000..6a79270953 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-ingress-shim +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-ingress-shim +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml new file mode 100644 index 0000000000..854ffd11fe --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-issuers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-issuers +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml new file mode 100644 index 0000000000..137f15e731 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-orders +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-orders +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml new file mode 100644 index 0000000000..b19073be57 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml new file mode 100644 index 0000000000..f40a39080a --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + namespace: cert-manager +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-parameters + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml new file mode 100644 index 0000000000..d0a3fd2d22 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml new file mode 100644 index 0000000000..adb10f9073 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook + namespace: cert-manager +spec: + ports: + - name: https + port: 443 + targetPort: 6443 + selector: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + type: ClusterIP diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml new file mode 100644 index 0000000000..b25a401652 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager +spec: + ports: + - port: 9402 + protocol: TCP + targetPort: 9402 + selector: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + type: ClusterIP diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml new file mode 100644 index 0000000000..e71b15aaa6 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml new file mode 100644 index 0000000000..11c24d45c8 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook + namespace: cert-manager diff --git a/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml new file mode 100644 index 0000000000..882e257d96 --- /dev/null +++ b/tests/stacks/azure/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/kustomize_test.go b/tests/stacks/azure/application/istio-1-3-1-stack/kustomize_test.go new file mode 100644 index 0000000000..09a7ad62d7 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/kustomize_test.go @@ -0,0 +1,15 @@ +package istio_1_3_1_stack + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/istio-1-3-1-stack", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml new file mode 100644 index 0000000000..d7aa03f87d --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml @@ -0,0 +1,27 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + labels: + app: sidecarInjectorWebhook + name: istio-sidecar-injector +webhooks: +- clientConfig: + caBundle: "" + service: + name: istio-sidecar-injector + namespace: istio-system + path: /inject + failurePolicy: Fail + name: sidecar-injector.istio.io + namespaceSelector: + matchLabels: + istio-injection: enabled + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml new file mode 100644 index 0000000000..7edbd19816 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: mixer + istio: mixer-adapter + kustomize.component: istio-crds + package: adapter + name: adapters.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: adapter + plural: adapters + singular: adapter + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml new file mode 100644 index 0000000000..7864def1ea --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: mixer + istio: core + kustomize.component: istio-crds + package: istio.io.mixer + name: attributemanifests.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: attributemanifest + plural: attributemanifests + singular: attributemanifest + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizationpolicies.rbac.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizationpolicies.rbac.istio.io.yaml new file mode 100644 index 0000000000..1180849525 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizationpolicies.rbac.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-pilot + istio: rbac + kustomize.component: istio-crds + name: authorizationpolicies.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: AuthorizationPolicy + plural: authorizationpolicies + singular: authorizationpolicy + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..2a4631cf5e --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml @@ -0,0 +1,42 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: certmanager + kustomize.component: istio-crds + name: certificates.certmanager.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.secretName + name: Secret + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: certmanager.k8s.io + names: + kind: Certificate + plural: certificates + shortNames: + - cert + - certs + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..138b667371 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: certmanager + kustomize.component: istio-crds + name: challenges.certmanager.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.dnsName + name: Domain + type: string + - JSONPath: .status.reason + name: Reason + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: certmanager.k8s.io + names: + kind: Challenge + plural: challenges + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..f0e7d55b9d --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml @@ -0,0 +1,17 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: certmanager + kustomize.component: istio-crds + name: clusterissuers.certmanager.k8s.io +spec: + group: certmanager.k8s.io + names: + kind: ClusterIssuer + plural: clusterissuers + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml new file mode 100644 index 0000000000..6a7257c6db --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + istio: rbac + kustomize.component: istio-crds + name: clusterrbacconfigs.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ClusterRbacConfig + plural: clusterrbacconfigs + singular: clusterrbacconfig + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml new file mode 100644 index 0000000000..00470c08e2 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-pilot + kustomize.component: istio-crds + name: destinationrules.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.host + description: The name of a service from the service registry + name: Host + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: DestinationRule + listKind: DestinationRuleList + plural: destinationrules + shortNames: + - dr + singular: destinationrule + scope: Namespaced + versions: + - name: v1alpha3 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml new file mode 100644 index 0000000000..d3560e8cbb --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-pilot + kustomize.component: istio-crds + name: envoyfilters.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: EnvoyFilter + plural: envoyfilters + singular: envoyfilter + scope: Namespaced + versions: + - name: v1alpha3 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml new file mode 100644 index 0000000000..787adcd33c --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-pilot + kustomize.component: istio-crds + name: gateways.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Gateway + plural: gateways + shortNames: + - gw + singular: gateway + scope: Namespaced + versions: + - name: v1alpha3 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml new file mode 100644 index 0000000000..d08bd06c40 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: mixer + istio: mixer-handler + kustomize.component: istio-crds + package: handler + name: handlers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: handler + plural: handlers + singular: handler + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml new file mode 100644 index 0000000000..5efdd1c1bd --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-mixer + kustomize.component: istio-crds + name: httpapispecbindings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: HTTPAPISpecBinding + plural: httpapispecbindings + singular: httpapispecbinding + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml new file mode 100644 index 0000000000..f3c47edcf6 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-mixer + kustomize.component: istio-crds + name: httpapispecs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: HTTPAPISpec + plural: httpapispecs + singular: httpapispec + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml new file mode 100644 index 0000000000..106fb5f240 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: mixer + istio: mixer-instance + kustomize.component: istio-crds + package: instance + name: instances.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: instance + plural: instances + singular: instance + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..18ab2ea4c9 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml @@ -0,0 +1,17 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: certmanager + kustomize.component: istio-crds + name: issuers.certmanager.k8s.io +spec: + group: certmanager.k8s.io + names: + kind: Issuer + plural: issuers + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml new file mode 100644 index 0000000000..8acfb192f2 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-citadel + kustomize.component: istio-crds + name: meshpolicies.authentication.istio.io +spec: + group: authentication.istio.io + names: + categories: + - istio-io + - authentication-istio-io + kind: MeshPolicy + listKind: MeshPolicyList + plural: meshpolicies + singular: meshpolicy + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml new file mode 100644 index 0000000000..796c9fa8e6 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: certmanager + kustomize.component: istio-crds + name: orders.certmanager.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: certmanager.k8s.io + names: + kind: Order + plural: orders + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml new file mode 100644 index 0000000000..7f6d447e54 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-citadel + kustomize.component: istio-crds + name: policies.authentication.istio.io +spec: + group: authentication.istio.io + names: + categories: + - istio-io + - authentication-istio-io + kind: Policy + plural: policies + singular: policy + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml new file mode 100644 index 0000000000..cf34ff9565 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-mixer + kustomize.component: istio-crds + name: quotaspecbindings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: QuotaSpecBinding + plural: quotaspecbindings + singular: quotaspecbinding + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml new file mode 100644 index 0000000000..782ac3f591 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-mixer + kustomize.component: istio-crds + name: quotaspecs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: QuotaSpec + plural: quotaspecs + singular: quotaspec + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml new file mode 100644 index 0000000000..420974db07 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: mixer + istio: rbac + kustomize.component: istio-crds + package: istio.io.mixer + name: rbacconfigs.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: RbacConfig + plural: rbacconfigs + singular: rbacconfig + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml new file mode 100644 index 0000000000..e57f11c367 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: mixer + istio: core + kustomize.component: istio-crds + package: istio.io.mixer + name: rules.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: rule + plural: rules + singular: rule + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml new file mode 100644 index 0000000000..e52b86065a --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml @@ -0,0 +1,45 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-pilot + kustomize.component: istio-crds + name: serviceentries.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.hosts + description: The hosts associated with the ServiceEntry + name: Hosts + type: string + - JSONPath: .spec.location + description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL + or MESH_INTERNAL) + name: Location + type: string + - JSONPath: .spec.resolution + description: Service discovery mode for the hosts (NONE, STATIC, or DNS) + name: Resolution + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: ServiceEntry + listKind: ServiceEntryList + plural: serviceentries + shortNames: + - se + singular: serviceentry + scope: Namespaced + versions: + - name: v1alpha3 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml new file mode 100644 index 0000000000..bb19b9a158 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml @@ -0,0 +1,35 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: mixer + istio: rbac + kustomize.component: istio-crds + package: istio.io.mixer + name: servicerolebindings.rbac.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.roleRef.name + description: The name of the ServiceRole object being referenced + name: Reference + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ServiceRoleBinding + plural: servicerolebindings + singular: servicerolebinding + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml new file mode 100644 index 0000000000..f8b6e02a93 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: mixer + istio: rbac + kustomize.component: istio-crds + package: istio.io.mixer + name: serviceroles.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ServiceRole + plural: serviceroles + singular: servicerole + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml new file mode 100644 index 0000000000..dcb1f2185e --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-pilot + kustomize.component: istio-crds + name: sidecars.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Sidecar + plural: sidecars + singular: sidecar + scope: Namespaced + versions: + - name: v1alpha3 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml new file mode 100644 index 0000000000..57df1e0445 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: mixer + istio: mixer-template + kustomize.component: istio-crds + package: template + name: templates.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: template + plural: templates + singular: template + scope: Namespaced + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml new file mode 100644 index 0000000000..26e9eb1a10 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: istio-pilot + kustomize.component: istio-crds + name: virtualservices.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.gateways + description: The names of gateways and sidecars that should apply these routes + name: Gateways + type: string + - JSONPath: .spec.hosts + description: The destination hosts to which traffic is being sent + name: Hosts + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: VirtualService + listKind: VirtualServiceList + plural: virtualservices + shortNames: + - vs + singular: virtualservice + scope: Namespaced + versions: + - name: v1alpha3 + served: true + storage: true diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_daemonset_istio-nodeagent.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_daemonset_istio-nodeagent.yaml new file mode 100644 index 0000000000..ac07dec74a --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_daemonset_istio-nodeagent.yaml @@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: nodeagent + istio: nodeagent + name: istio-nodeagent + namespace: istio-system +spec: + selector: + matchLabels: + istio: nodeagent + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: nodeagent + istio: nodeagent + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - env: + - name: CA_ADDR + value: istio-citadel:8060 + - name: CA_PROVIDER + value: Citadel + - name: PLUGINS + value: "" + - name: VALID_TOKEN + value: "true" + - name: TRUST_DOMAIN + value: "" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/istio-release/node-agent-k8s:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + name: nodeagent + volumeMounts: + - mountPath: /var/run/sds + name: sdsudspath + serviceAccountName: istio-nodeagent-service-account + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + volumes: + - hostPath: + path: /var/run/sds + name: sdsudspath + updateStrategy: + type: RollingUpdate diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml new file mode 100644 index 0000000000..71d2e3470e --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml @@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: security + istio: citadel + name: istio-citadel + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + istio: citadel + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: security + istio: citadel + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --sds-enabled=true + - --append-dns-names=true + - --grpc-port=8060 + - --citadel-storage-namespace=istio-system + - --custom-dns-names=istio-pilot-service-account.istio-system:istio-pilot.istio-system + - --monitoring-port=15014 + - --self-signed-ca=true + - --workload-cert-ttl=2160h + env: + - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT + value: "true" + image: gcr.io/istio-release/citadel:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + name: citadel + resources: + requests: + cpu: 10m + serviceAccountName: istio-citadel-service-account diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml new file mode 100644 index 0000000000..5b344bf192 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml @@ -0,0 +1,122 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: galley + istio: galley + name: istio-galley + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + istio: galley + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: galley + istio: galley + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /usr/local/bin/galley + - server + - --meshConfigFile=/etc/mesh-config/mesh + - --livenessProbeInterval=1s + - --livenessProbePath=/healthliveness + - --readinessProbePath=/healthready + - --readinessProbeInterval=1s + - --deployment-namespace=istio-system + - --insecure=false + - --validation-webhook-config-file + - /etc/config/validating-webhook-configuration.yaml + - --monitoringPort=15014 + - --log_output_level=default:info + image: gcr.io/istio-release/galley:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /usr/local/bin/galley + - probe + - --probe-path=/healthliveness + - --interval=10s + initialDelaySeconds: 5 + periodSeconds: 5 + name: galley + ports: + - containerPort: 443 + - containerPort: 15014 + - containerPort: 9901 + readinessProbe: + exec: + command: + - /usr/local/bin/galley + - probe + - --probe-path=/healthready + - --interval=10s + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/certs + name: certs + readOnly: true + - mountPath: /etc/config + name: config + readOnly: true + - mountPath: /etc/mesh-config + name: mesh-config + readOnly: true + serviceAccountName: istio-galley-service-account + volumes: + - name: certs + secret: + secretName: istio.istio-galley-service-account + - configMap: + name: istio-galley-configuration + name: config + - configMap: + name: istio + name: mesh-config diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml new file mode 100644 index 0000000000..61171d41be --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml @@ -0,0 +1,202 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-ingressgateway + istio: ingressgateway + name: istio-ingressgateway + namespace: istio-system +spec: + selector: + matchLabels: + app: istio-ingressgateway + istio: ingressgateway + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: istio-ingressgateway + istio: ingressgateway + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --log_output_level=default:info + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --connectTimeout + - 10s + - --serviceCluster + - istio-ingressgateway + - --zipkinAddress + - zipkin:9411 + - --proxyAdminPort + - "15000" + - --statusPort + - "15020" + - --controlPlaneAuthPolicy + - MUTUAL_TLS + - --discoveryAddress + - istio-pilot:15011 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SDS_ENABLED + value: "true" + - name: ISTIO_META_WORKLOAD_NAME + value: istio-ingressgateway + - name: ISTIO_META_OWNER + value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway + - name: ISTIO_META_ROUTER_MODE + value: sni-dnat + image: gcr.io/istio-release/proxyv2:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15020 + - containerPort: 80 + - containerPort: 443 + - containerPort: 31400 + - containerPort: 15029 + - containerPort: 15030 + - containerPort: 15031 + - containerPort: 15032 + - containerPort: 15443 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 2000m + memory: 1024Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /var/run/sds + name: sdsudspath + readOnly: true + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-certs + name: ingressgateway-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-ca-certs + name: ingressgateway-ca-certs + readOnly: true + serviceAccountName: istio-ingressgateway-service-account + volumes: + - hostPath: + path: /var/run/sds + name: sdsudspath + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - name: istio-certs + secret: + optional: true + secretName: istio.istio-ingressgateway-service-account + - name: ingressgateway-certs + secret: + optional: true + secretName: istio-ingressgateway-certs + - name: ingressgateway-ca-certs + secret: + optional: true + secretName: istio-ingressgateway-ca-certs diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml new file mode 100644 index 0000000000..2287dd6a98 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml @@ -0,0 +1,185 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + checksum/config-volume: f8da08b6b8c170dde721efd680270b2901e750d4aa186ebb6c22bef5b78a43f9 + labels: + app: pilot + istio: pilot + name: istio-pilot + namespace: istio-system +spec: + selector: + matchLabels: + istio: pilot + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: pilot + istio: pilot + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - discovery + - --monitoringAddr=:15014 + - --log_output_level=default:info + - --domain + - cluster.local + - --secureGrpcAddr + - "" + - --keepaliveMaxServerConnectionAge + - 30m + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: GODEBUG + value: gctrace=1 + - name: PILOT_PUSH_THROTTLE + value: "100" + - name: PILOT_TRACE_SAMPLING + value: "1" + - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND + value: "true" + - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND + value: "false" + image: gcr.io/istio-release/pilot:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + name: discovery + ports: + - containerPort: 8080 + - containerPort: 15010 + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 30 + timeoutSeconds: 5 + resources: + requests: + cpu: 500m + memory: 2048Mi + volumeMounts: + - mountPath: /etc/istio/config + name: config-volume + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - args: + - proxy + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --serviceCluster + - istio-pilot + - --templateFile + - /etc/istio/proxy/envoy_pilot.yaml.tmpl + - --controlPlaneAuthPolicy + - MUTUAL_TLS + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: SDS_ENABLED + value: "true" + image: gcr.io/istio-release/proxyv2:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15003 + - containerPort: 15005 + - containerPort: 15007 + - containerPort: 15011 + resources: + limits: + cpu: 2000m + memory: 1024Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /var/run/sds + name: sds-uds-path + readOnly: true + - mountPath: /var/run/secrets/tokens + name: istio-token + serviceAccountName: istio-pilot-service-account + volumes: + - hostPath: + path: /var/run/sds + name: sds-uds-path + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - configMap: + name: istio + name: config-volume + - name: istio-certs + secret: + optional: true + secretName: istio.istio-pilot-service-account diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml new file mode 100644 index 0000000000..27069e1098 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml @@ -0,0 +1,175 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-mixer + istio: mixer + name: istio-policy + namespace: istio-system +spec: + selector: + matchLabels: + istio: mixer + istio-mixer-type: policy + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: policy + istio: mixer + istio-mixer-type: policy + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --monitoringPort=15014 + - --address + - unix:///sock/mixer.socket + - --log_output_level=default:info + - --configStoreURL=mcps://istio-galley.istio-system.svc:9901 + - --configDefaultNamespace=istio-system + - --useAdapterCRDs=false + - --useTemplateCRDs=false + - --trace_zipkin_url=http://zipkin.istio-system:9411/api/v1/spans + env: + - name: GODEBUG + value: gctrace=1 + - name: GOMAXPROCS + value: "6" + image: gcr.io/istio-release/mixer:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /version + port: 15014 + initialDelaySeconds: 5 + periodSeconds: 5 + name: mixer + ports: + - containerPort: 15014 + - containerPort: 42422 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /sock + name: uds-socket + - args: + - proxy + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --serviceCluster + - istio-policy + - --templateFile + - /etc/istio/proxy/envoy_policy.yaml.tmpl + - --controlPlaneAuthPolicy + - MUTUAL_TLS + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: SDS_ENABLED + value: "true" + image: gcr.io/istio-release/proxyv2:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 9091 + - containerPort: 15004 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + resources: + limits: + cpu: 2000m + memory: 1024Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /var/run/sds + name: sds-uds-path + readOnly: true + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /sock + name: uds-socket + - mountPath: /var/run/secrets/istio.io/policy/adapter + name: policy-adapter-secret + readOnly: true + serviceAccountName: istio-mixer-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-mixer-service-account + - hostPath: + path: /var/run/sds + name: sds-uds-path + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - name: uds-socket + - name: policy-adapter-secret + secret: + optional: true + secretName: policy-adapter-secret diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml new file mode 100644 index 0000000000..c2ef009a0f --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml @@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: sidecarInjectorWebhook + istio: sidecar-injector + name: istio-sidecar-injector + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + istio: sidecar-injector + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: sidecarInjectorWebhook + istio: sidecar-injector + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --caCertFile=/etc/istio/certs/root-cert.pem + - --tlsCertFile=/etc/istio/certs/cert-chain.pem + - --tlsKeyFile=/etc/istio/certs/key.pem + - --injectConfig=/etc/istio/inject/config + - --meshConfig=/etc/istio/config/mesh + - --healthCheckInterval=2s + - --healthCheckFile=/health + image: gcr.io/istio-release/sidecar_injector:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /usr/local/bin/sidecar-injector + - probe + - --probe-path=/health + - --interval=4s + initialDelaySeconds: 4 + periodSeconds: 4 + name: sidecar-injector-webhook + readinessProbe: + exec: + command: + - /usr/local/bin/sidecar-injector + - probe + - --probe-path=/health + - --interval=4s + initialDelaySeconds: 4 + periodSeconds: 4 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/istio/config + name: config-volume + readOnly: true + - mountPath: /etc/istio/certs + name: certs + readOnly: true + - mountPath: /etc/istio/inject + name: inject-config + readOnly: true + serviceAccountName: istio-sidecar-injector-service-account + volumes: + - configMap: + name: istio + name: config-volume + - name: certs + secret: + secretName: istio.istio-sidecar-injector-service-account + - configMap: + items: + - key: config + path: config + - key: values + path: values + name: istio-sidecar-injector + name: inject-config diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml new file mode 100644 index 0000000000..dc32c6d0e8 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml @@ -0,0 +1,185 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-mixer + istio: mixer + name: istio-telemetry + namespace: istio-system +spec: + selector: + matchLabels: + istio: mixer + istio-mixer-type: telemetry + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: telemetry + istio: mixer + istio-mixer-type: telemetry + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --monitoringPort=15014 + - --address + - unix:///sock/mixer.socket + - --log_output_level=default:info + - --configStoreURL=mcps://istio-galley.istio-system.svc:9901 + - --certFile=/etc/certs/cert-chain.pem + - --keyFile=/etc/certs/key.pem + - --caCertFile=/etc/certs/root-cert.pem + - --configDefaultNamespace=istio-system + - --useAdapterCRDs=false + - --trace_zipkin_url=http://zipkin.istio-system:9411/api/v1/spans + - --averageLatencyThreshold + - 100ms + - --loadsheddingMode + - enforce + env: + - name: GODEBUG + value: gctrace=1 + - name: GOMAXPROCS + value: "6" + image: gcr.io/istio-release/mixer:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /version + port: 15014 + initialDelaySeconds: 5 + periodSeconds: 5 + name: mixer + ports: + - containerPort: 15014 + - containerPort: 42422 + resources: + limits: + cpu: 4800m + memory: 4G + requests: + cpu: 1000m + memory: 1G + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /var/run/secrets/istio.io/telemetry/adapter + name: telemetry-adapter-secret + readOnly: true + - mountPath: /sock + name: uds-socket + - args: + - proxy + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --serviceCluster + - istio-telemetry + - --templateFile + - /etc/istio/proxy/envoy_telemetry.yaml.tmpl + - --controlPlaneAuthPolicy + - MUTUAL_TLS + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: SDS_ENABLED + value: "true" + image: gcr.io/istio-release/proxyv2:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 9091 + - containerPort: 15004 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + resources: + limits: + cpu: 2000m + memory: 1024Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /var/run/sds + name: sds-uds-path + readOnly: true + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /sock + name: uds-socket + serviceAccountName: istio-mixer-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-mixer-service-account + - hostPath: + path: /var/run/sds + name: sds-uds-path + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - name: uds-socket + - name: telemetry-adapter-secret + secret: + optional: true + secretName: telemetry-adapter-secret diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_prometheus.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_prometheus.yaml new file mode 100644 index 0000000000..bd61a789cb --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/apps_v1_deployment_prometheus.yaml @@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: prometheus + name: prometheus + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: prometheus + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --storage.tsdb.retention=6h + - --config.file=/etc/prometheus/prometheus.yaml + image: docker.io/prom/prometheus:v2.8.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + name: prometheus + ports: + - containerPort: 9090 + name: http + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/prometheus + name: config-volume + - mountPath: /etc/istio-certs + name: istio-certs + serviceAccountName: prometheus + volumes: + - configMap: + name: prometheus + name: config-volume + - name: istio-certs + secret: + defaultMode: 420 + secretName: istio.default diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml new file mode 100644 index 0000000000..b11d522036 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml @@ -0,0 +1,20 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: istio-ingressgateway + istio: ingressgateway + name: istio-ingressgateway + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-ingressgateway diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml new file mode 100644 index 0000000000..5c0aeb158b --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml @@ -0,0 +1,19 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: pilot + name: istio-pilot + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-pilot diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml new file mode 100644 index 0000000000..96d1bb443e --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml @@ -0,0 +1,19 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: mixer + name: istio-policy + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-policy diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml new file mode 100644 index 0000000000..f8de3ad33a --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml @@ -0,0 +1,19 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: mixer + name: istio-telemetry + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-telemetry diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/batch_v1_job_istio-security-post-install-release-1.3-latest-daily.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/batch_v1_job_istio-security-post-install-release-1.3-latest-daily.yaml new file mode 100644 index 0000000000..bc3e9b5c7e --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/batch_v1_job_istio-security-post-install-release-1.3-latest-daily.yaml @@ -0,0 +1,64 @@ +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app: security + name: istio-security-post-install-release-1.3-latest-daily + namespace: istio-system +spec: + template: + metadata: + labels: + app: security + name: istio-security-post-install + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /bin/bash + - /tmp/security/istio-security-run.sh + - /tmp/security/istio-security-custom-resources.yaml + image: gcr.io/istio-release/kubectl:release-1.3-latest-daily + imagePullPolicy: IfNotPresent + name: kubectl + volumeMounts: + - mountPath: /tmp/security + name: tmp-configmap-security + restartPolicy: OnFailure + serviceAccountName: istio-security-post-install-account + volumes: + - configMap: + name: istio-security-custom-resources + name: tmp-configmap-security diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml new file mode 100644 index 0000000000..194c9f3e74 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml @@ -0,0 +1,137 @@ +apiVersion: config.istio.io/v1alpha2 +kind: attributemanifest +metadata: + labels: + app: mixer + name: istioproxy + namespace: istio-system +spec: + attributes: + api.operation: + valueType: STRING + api.protocol: + valueType: STRING + api.service: + valueType: STRING + api.version: + valueType: STRING + check.cache_hit: + valueType: BOOL + check.error_code: + valueType: INT64 + check.error_message: + valueType: STRING + connection.duration: + valueType: DURATION + connection.event: + valueType: STRING + connection.id: + valueType: STRING + connection.mtls: + valueType: BOOL + connection.received.bytes: + valueType: INT64 + connection.received.bytes_total: + valueType: INT64 + connection.requested_server_name: + valueType: STRING + connection.sent.bytes: + valueType: INT64 + connection.sent.bytes_total: + valueType: INT64 + context.protocol: + valueType: STRING + context.proxy_error_code: + valueType: STRING + context.proxy_version: + valueType: STRING + context.reporter.kind: + valueType: STRING + context.reporter.local: + valueType: BOOL + context.reporter.uid: + valueType: STRING + context.time: + valueType: TIMESTAMP + context.timestamp: + valueType: TIMESTAMP + destination.port: + valueType: INT64 + destination.principal: + valueType: STRING + destination.uid: + valueType: STRING + origin.ip: + valueType: IP_ADDRESS + origin.uid: + valueType: STRING + origin.user: + valueType: STRING + quota.cache_hit: + valueType: BOOL + rbac.permissive.effective_policy_id: + valueType: STRING + rbac.permissive.response_code: + valueType: STRING + request.api_key: + valueType: STRING + request.auth.audiences: + valueType: STRING + request.auth.claims: + valueType: STRING_MAP + request.auth.presenter: + valueType: STRING + request.auth.principal: + valueType: STRING + request.auth.raw_claims: + valueType: STRING + request.headers: + valueType: STRING_MAP + request.host: + valueType: STRING + request.id: + valueType: STRING + request.method: + valueType: STRING + request.path: + valueType: STRING + request.query_params: + valueType: STRING_MAP + request.reason: + valueType: STRING + request.referer: + valueType: STRING + request.scheme: + valueType: STRING + request.size: + valueType: INT64 + request.time: + valueType: TIMESTAMP + request.total_size: + valueType: INT64 + request.url_path: + valueType: STRING + request.useragent: + valueType: STRING + response.code: + valueType: INT64 + response.duration: + valueType: DURATION + response.grpc_message: + valueType: STRING + response.grpc_status: + valueType: STRING + response.headers: + valueType: STRING_MAP + response.size: + valueType: INT64 + response.time: + valueType: TIMESTAMP + response.total_size: + valueType: INT64 + source.principal: + valueType: STRING + source.uid: + valueType: STRING + source.user: + valueType: STRING diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml new file mode 100644 index 0000000000..2b48f38df5 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml @@ -0,0 +1,61 @@ +apiVersion: config.istio.io/v1alpha2 +kind: attributemanifest +metadata: + labels: + app: mixer + name: kubernetes + namespace: istio-system +spec: + attributes: + destination.container.name: + valueType: STRING + destination.ip: + valueType: IP_ADDRESS + destination.labels: + valueType: STRING_MAP + destination.metadata: + valueType: STRING_MAP + destination.name: + valueType: STRING + destination.namespace: + valueType: STRING + destination.owner: + valueType: STRING + destination.service.host: + valueType: STRING + destination.service.name: + valueType: STRING + destination.service.namespace: + valueType: STRING + destination.service.uid: + valueType: STRING + destination.serviceAccount: + valueType: STRING + destination.workload.name: + valueType: STRING + destination.workload.namespace: + valueType: STRING + destination.workload.uid: + valueType: STRING + source.ip: + valueType: IP_ADDRESS + source.labels: + valueType: STRING_MAP + source.metadata: + valueType: STRING_MAP + source.name: + valueType: STRING + source.namespace: + valueType: STRING + source.owner: + valueType: STRING + source.serviceAccount: + valueType: STRING + source.services: + valueType: STRING + source.workload.name: + valueType: STRING + source.workload.namespace: + valueType: STRING + source.workload.uid: + valueType: STRING diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml new file mode 100644 index 0000000000..6eb5203232 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml @@ -0,0 +1,9 @@ +apiVersion: config.istio.io/v1alpha2 +kind: handler +metadata: + labels: + app: mixer + name: kubernetesenv + namespace: istio-system +spec: + compiledAdapter: kubernetesenv diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml new file mode 100644 index 0000000000..591f65ede8 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml @@ -0,0 +1,213 @@ +apiVersion: config.istio.io/v1alpha2 +kind: handler +metadata: + labels: + app: mixer + name: prometheus + namespace: istio-system +spec: + compiledAdapter: prometheus + params: + metrics: + - instance_name: requestcount.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: requests_total + - buckets: + explicit_buckets: + bounds: + - 0.005 + - 0.01 + - 0.025 + - 0.05 + - 0.1 + - 0.25 + - 0.5 + - 1 + - 2.5 + - 5 + - 10 + instance_name: requestduration.instance.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: request_duration_seconds + - buckets: + exponentialBuckets: + growthFactor: 10 + numFiniteBuckets: 8 + scale: 1 + instance_name: requestsize.instance.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: request_bytes + - buckets: + exponentialBuckets: + growthFactor: 10 + numFiniteBuckets: 8 + scale: 1 + instance_name: responsesize.instance.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: response_bytes + - instance_name: tcpbytesent.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_sent_bytes_total + - instance_name: tcpbytereceived.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_received_bytes_total + - instance_name: tcpconnectionsopened.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_connections_opened_total + - instance_name: tcpconnectionsclosed.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_connections_closed_total + metricsExpirationPolicy: + metricsExpiryDuration: 10m diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_attributes.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_attributes.yaml new file mode 100644 index 0000000000..def828bfeb --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_attributes.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: instance +metadata: + labels: + app: mixer + name: attributes + namespace: istio-system +spec: + attributeBindings: + destination.container.name: $out.destination_container_name | "unknown" + destination.ip: $out.destination_pod_ip | ip("0.0.0.0") + destination.labels: $out.destination_labels | emptyStringMap() + destination.name: $out.destination_pod_name | "unknown" + destination.namespace: $out.destination_namespace | "default" + destination.owner: $out.destination_owner | "unknown" + destination.serviceAccount: $out.destination_service_account_name | "unknown" + destination.uid: $out.destination_pod_uid | "unknown" + destination.workload.name: $out.destination_workload_name | "unknown" + destination.workload.namespace: $out.destination_workload_namespace | "unknown" + destination.workload.uid: $out.destination_workload_uid | "unknown" + source.ip: $out.source_pod_ip | ip("0.0.0.0") + source.labels: $out.source_labels | emptyStringMap() + source.name: $out.source_pod_name | "unknown" + source.namespace: $out.source_namespace | "default" + source.owner: $out.source_owner | "unknown" + source.serviceAccount: $out.source_service_account_name | "unknown" + source.uid: $out.source_pod_uid | "unknown" + source.workload.name: $out.source_workload_name | "unknown" + source.workload.namespace: $out.source_workload_namespace | "unknown" + source.workload.uid: $out.source_workload_uid | "unknown" + compiledTemplate: kubernetes + params: + destination_port: destination.port | 0 + destination_uid: destination.uid | "" + source_ip: source.ip | ip("0.0.0.0") + source_uid: source.uid | "" diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestcount.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestcount.yaml new file mode 100644 index 0000000000..d36350d7ce --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestcount.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: instance +metadata: + labels: + app: mixer + name: requestcount + namespace: istio-system +spec: + compiledTemplate: metric + params: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") + == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", + "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | request.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: "1" diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestduration.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestduration.yaml new file mode 100644 index 0000000000..e8e7f5cae8 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestduration.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: instance +metadata: + labels: + app: mixer + name: requestduration + namespace: istio-system +spec: + compiledTemplate: metric + params: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") + == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", + "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | request.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: response.duration | "0ms" diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestsize.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestsize.yaml new file mode 100644 index 0000000000..92a052306a --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_requestsize.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: instance +metadata: + labels: + app: mixer + name: requestsize + namespace: istio-system +spec: + compiledTemplate: metric + params: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") + == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", + "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | request.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: request.size | 0 diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_responsesize.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_responsesize.yaml new file mode 100644 index 0000000000..8fa51f640f --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_responsesize.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: instance +metadata: + labels: + app: mixer + name: responsesize + namespace: istio-system +spec: + compiledTemplate: metric + params: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") + == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", + "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | request.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: response.size | 0 diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpbytereceived.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpbytereceived.yaml new file mode 100644 index 0000000000..17059fe110 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpbytereceived.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: instance +metadata: + labels: + app: mixer + name: tcpbytereceived + namespace: istio-system +spec: + compiledTemplate: metric + params: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") + == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", + "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: connection.received.bytes | 0 diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpbytesent.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpbytesent.yaml new file mode 100644 index 0000000000..2916bd6d5c --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpbytesent.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: instance +metadata: + labels: + app: mixer + name: tcpbytesent + namespace: istio-system +spec: + compiledTemplate: metric + params: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") + == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", + "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: connection.sent.bytes | 0 diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpconnectionsclosed.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpconnectionsclosed.yaml new file mode 100644 index 0000000000..a11ed65696 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpconnectionsclosed.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: instance +metadata: + labels: + app: mixer + name: tcpconnectionsclosed + namespace: istio-system +spec: + compiledTemplate: metric + params: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") + == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", + "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: "1" diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpconnectionsopened.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpconnectionsopened.yaml new file mode 100644 index 0000000000..a54cf0fefc --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_instance_tcpconnectionsopened.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: instance +metadata: + labels: + app: mixer + name: tcpconnectionsopened + namespace: istio-system +spec: + compiledTemplate: metric + params: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") + == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", + "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: "1" diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml new file mode 100644 index 0000000000..4f64a20efa --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml @@ -0,0 +1,12 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + name: kubeattrgenrulerule + namespace: istio-system +spec: + actions: + - handler: kubernetesenv + instances: + - attributes diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml new file mode 100644 index 0000000000..1bf9b97a14 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml @@ -0,0 +1,18 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + name: promhttp + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - requestcount + - requestduration + - requestsize + - responsesize + match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent + | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") + == false) diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml new file mode 100644 index 0000000000..ba53469288 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml @@ -0,0 +1,14 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + name: promtcp + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - tcpbytesent + - tcpbytereceived + match: context.protocol == "tcp" diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml new file mode 100644 index 0000000000..88b56a9f61 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml @@ -0,0 +1,13 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + name: promtcpconnectionclosed + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - tcpconnectionsclosed + match: context.protocol == "tcp" && ((connection.event | "na") == "close") diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml new file mode 100644 index 0000000000..d6a57b5eb4 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml @@ -0,0 +1,13 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + name: promtcpconnectionopen + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - tcpconnectionsopened + match: context.protocol == "tcp" && ((connection.event | "na") == "open") diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml new file mode 100644 index 0000000000..359f4d4d82 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml @@ -0,0 +1,13 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + name: tcpkubeattrgenrulerule + namespace: istio-system +spec: + actions: + - handler: kubernetesenv + instances: + - attributes + match: context.protocol == "tcp" diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml new file mode 100644 index 0000000000..6bb534ca87 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + app: mixer + name: istio-policy + namespace: istio-system +spec: + host: istio-policy.istio-system.svc.cluster.local + trafficPolicy: + connectionPool: + http: + http2MaxRequests: 10000 + maxRequestsPerConnection: 10000 + portLevelSettings: + - port: + number: 15004 + tls: + mode: ISTIO_MUTUAL diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml new file mode 100644 index 0000000000..dcc865c1ce --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + app: mixer + name: istio-telemetry + namespace: istio-system +spec: + host: istio-telemetry.istio-system.svc.cluster.local + trafficPolicy: + connectionPool: + http: + http2MaxRequests: 10000 + maxRequestsPerConnection: 10000 + portLevelSettings: + - port: + number: 15004 + tls: + mode: ISTIO_MUTUAL diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml new file mode 100644 index 0000000000..504e447036 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml @@ -0,0 +1,14 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: galley + istio: galley + name: istio-galley + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: galley + istio: galley diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml new file mode 100644 index 0000000000..8ab724961f --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml @@ -0,0 +1,14 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: istio-ingressgateway + istio: ingressgateway + name: istio-ingressgateway + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: istio-ingressgateway + istio: ingressgateway diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml new file mode 100644 index 0000000000..48ef2e374c --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml @@ -0,0 +1,14 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: pilot + istio: pilot + name: istio-pilot + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: pilot + istio: pilot diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml new file mode 100644 index 0000000000..5ab4d9b137 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml @@ -0,0 +1,17 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: policy + istio: mixer + istio-mixer-type: policy + version: 1.1.0 + name: istio-policy + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: policy + istio: mixer + istio-mixer-type: policy diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-sidecar-injector.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-sidecar-injector.yaml new file mode 100644 index 0000000000..6b92933e30 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-sidecar-injector.yaml @@ -0,0 +1,14 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: sidecarInjectorWebhook + istio: sidecar-injector + name: istio-sidecar-injector + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: sidecarInjectorWebhook + istio: sidecar-injector diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml new file mode 100644 index 0000000000..af62a9392d --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml @@ -0,0 +1,17 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: telemetry + istio: mixer + istio-mixer-type: telemetry + version: 1.1.0 + name: istio-telemetry + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: telemetry + istio: mixer + istio-mixer-type: telemetry diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml new file mode 100644 index 0000000000..b2b648f7bf --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml @@ -0,0 +1,42 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: security + name: istio-citadel-istio-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - watch + - list + - update + - delete +- apiGroups: + - "" + resources: + - serviceaccounts + - services + - namespaces + verbs: + - get + - watch + - list +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml new file mode 100644 index 0000000000..b07c27bde8 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml @@ -0,0 +1,90 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: galley + name: istio-galley-istio-system +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resourceNames: + - istio-galley + resources: + - deployments + verbs: + - get +- apiGroups: + - "" + resources: + - pods + - nodes + - services + - endpoints + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resourceNames: + - istio-galley + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml new file mode 100644 index 0000000000..e891d1f64e --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml @@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: mixer + name: istio-mixer-istio-system +rules: +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - create + - get + - list + - watch + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - pods + - services + - namespaces + - secrets + - replicationcontrollers + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resources: + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-nodeagent-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-nodeagent-istio-system.yaml new file mode 100644 index 0000000000..712d854b96 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-nodeagent-istio-system.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: nodeagent + name: istio-nodeagent-istio-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml new file mode 100644 index 0000000000..fba93e72ed --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml @@ -0,0 +1,69 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: pilot + name: istio-pilot-istio-system +rules: +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - get + - watch + - list +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - extensions + resources: + - ingresses + - ingresses/status + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - watch + - update +- apiGroups: + - "" + resources: + - endpoints + - pods + - services + - namespaces + - nodes + - secrets + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml new file mode 100644 index 0000000000..40b0dd6c47 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-reader +rules: +- apiGroups: + - "" + resources: + - nodes + - pods + - services + - endpoints + - replicationcontrollers + verbs: + - get + - watch + - list +- apiGroups: + - extensions + - apps + resources: + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml new file mode 100644 index 0000000000..e058905249 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: sidecarInjectorWebhook + istio: sidecar-injector + name: istio-sidecar-injector-istio-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - patch diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml new file mode 100644 index 0000000000..7dcde2e12d --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml @@ -0,0 +1,29 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: prometheus + name: prometheus-istio-system +rules: +- apiGroups: + - "" + resources: + - nodes + - services + - endpoints + - pods + - nodes/proxy + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml new file mode 100644 index 0000000000..f3d3217415 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: security + name: istio-citadel-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-citadel-istio-system +subjects: +- kind: ServiceAccount + name: istio-citadel-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml new file mode 100644 index 0000000000..356d3081d9 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: galley + name: istio-galley-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-galley-istio-system +subjects: +- kind: ServiceAccount + name: istio-galley-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml new file mode 100644 index 0000000000..0c41554f71 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: mixer + name: istio-mixer-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-mixer-istio-system +subjects: +- kind: ServiceAccount + name: istio-mixer-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml new file mode 100644 index 0000000000..3cf724b359 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-multi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-reader +subjects: +- kind: ServiceAccount + name: istio-multi + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-nodeagent-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-nodeagent-istio-system.yaml new file mode 100644 index 0000000000..416d69e15c --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-nodeagent-istio-system.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: nodeagent + name: istio-nodeagent-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-nodeagent-istio-system +subjects: +- kind: ServiceAccount + name: istio-nodeagent-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml new file mode 100644 index 0000000000..eb97384bfa --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: pilot + name: istio-pilot-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-pilot-istio-system +subjects: +- kind: ServiceAccount + name: istio-pilot-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml new file mode 100644 index 0000000000..53b0c9ba50 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: sidecarInjectorWebhook + istio: sidecar-injector + name: istio-sidecar-injector-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-sidecar-injector-istio-system +subjects: +- kind: ServiceAccount + name: istio-sidecar-injector-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml new file mode 100644 index 0000000000..ee14afcdaa --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: prometheus + name: prometheus-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus-istio-system +subjects: +- kind: ServiceAccount + name: prometheus + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml new file mode 100644 index 0000000000..9078948664 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-ingressgateway-sds + namespace: istio-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml new file mode 100644 index 0000000000..2b7f198468 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-ingressgateway-sds + namespace: istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-ingressgateway-sds +subjects: +- kind: ServiceAccount + name: istio-ingressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml new file mode 100644 index 0000000000..0d6ca7e082 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: security + name: istio-security-post-install-istio-system +rules: +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get +- apiGroups: + - extensions + - apps + resources: + - deployments + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml new file mode 100644 index 0000000000..7516510d7e --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: security + name: istio-security-post-install-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-security-post-install-istio-system +subjects: +- kind: ServiceAccount + name: istio-security-post-install-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.istio.io_v1alpha1_servicerole_istio-ingressgateway.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.istio.io_v1alpha1_servicerole_istio-ingressgateway.yaml new file mode 100644 index 0000000000..ccd2b2092a --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.istio.io_v1alpha1_servicerole_istio-ingressgateway.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.istio.io/v1alpha1 +kind: ServiceRole +metadata: + name: istio-ingressgateway + namespace: istio-system +spec: + rules: + - services: + - istio-ingressgateway.istio-system.svc.cluster.local diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.istio.io_v1alpha1_servicerolebinding_istio-ingressgateway.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.istio.io_v1alpha1_servicerolebinding_istio-ingressgateway.yaml new file mode 100644 index 0000000000..91340ebbb5 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/rbac.istio.io_v1alpha1_servicerolebinding_istio-ingressgateway.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.istio.io/v1alpha1 +kind: ServiceRoleBinding +metadata: + name: istio-ingressgateway + namespace: istio-system +spec: + roleRef: + kind: ServiceRole + name: istio-ingressgateway + subjects: + - user: '*' diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml new file mode 100644 index 0000000000..81512e2b6c --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml @@ -0,0 +1,120 @@ +apiVersion: v1 +data: + validating-webhook-configuration.yaml: | + apiVersion: admissionregistration.k8s.io/v1beta1 + kind: ValidatingWebhookConfiguration + metadata: + name: istio-galley + labels: + app: galley + istio: galley + webhooks: + - name: pilot.validation.istio.io + clientConfig: + service: + name: istio-galley + namespace: istio-system + path: "/admitpilot" + caBundle: "" + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - config.istio.io + apiVersions: + - v1alpha2 + resources: + - httpapispecs + - httpapispecbindings + - quotaspecs + - quotaspecbindings + - operations: + - CREATE + - UPDATE + apiGroups: + - rbac.istio.io + apiVersions: + - "*" + resources: + - "*" + - operations: + - CREATE + - UPDATE + apiGroups: + - authentication.istio.io + apiVersions: + - "*" + resources: + - "*" + - operations: + - CREATE + - UPDATE + apiGroups: + - networking.istio.io + apiVersions: + - "*" + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + failurePolicy: Fail + sideEffects: None + - name: mixer.validation.istio.io + clientConfig: + service: + name: istio-galley + namespace: istio-system + path: "/admitmixer" + caBundle: "" + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - config.istio.io + apiVersions: + - v1alpha2 + resources: + - rules + - attributemanifests + - circonuses + - deniers + - fluentds + - kubernetesenvs + - listcheckers + - memquotas + - noops + - opas + - prometheuses + - rbacs + - solarwindses + - stackdrivers + - cloudwatches + - dogstatsds + - statsds + - stdios + - apikeys + - authorizations + - checknothings + # - kuberneteses + - listentries + - logentries + - metrics + - quotas + - reportnothings + - tracespans + - adapters + - handlers + - instances + - templates + - zipkins + failurePolicy: Fail + sideEffects: None +kind: ConfigMap +metadata: + name: istio-galley-configuration + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-install-parameters-5kmkd2f29g.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-install-parameters-5kmkd2f29g.yaml new file mode 100644 index 0000000000..db0e477760 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-install-parameters-5kmkd2f29g.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + namespace: istio-system +kind: ConfigMap +metadata: + name: istio-install-parameters-5kmkd2f29g + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml new file mode 100644 index 0000000000..3e86dfa9f0 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml @@ -0,0 +1,49 @@ +apiVersion: v1 +data: + istio-security-custom-resources.yaml: | + # Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. + apiVersion: "authentication.istio.io/v1alpha1" + kind: "MeshPolicy" + metadata: + name: "default" + labels: + app: security + spec: + peers: + - mtls: + mode: PERMISSIVE + istio-security-run.sh: |- + #!/bin/sh + + set -x + + if [ "$#" -ne "1" ]; then + echo "first argument should be path to custom resource yaml" + exit 1 + fi + + pathToResourceYAML=${1} + + kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" + while true; do + kubectl -n istio-system get deployment istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + break + fi + sleep 1 + done + kubectl -n istio-system rollout status deployment istio-galley + if [ "$?" -ne 0 ]; then + echo "istio-galley deployment rollout status check failed" + exit 1 + fi + echo "istio-galley deployment ready for configuration validation" + fi + sleep 5 + kubectl apply -f ${pathToResourceYAML} +kind: ConfigMap +metadata: + name: istio-security-custom-resources + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml new file mode 100644 index 0000000000..af6866c735 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml @@ -0,0 +1,405 @@ +apiVersion: v1 +data: + config: |- + policy: enabled + alwaysInjectSelector: + [] + neverInjectSelector: + [] + template: |- + rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} + {{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} + initContainers: + {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} + {{- if not .Values.istio_cni.enabled }} + - name: istio-init + {{- if contains "/" .Values.global.proxy_init.image }} + image: "{{ .Values.global.proxy_init.image }}" + {{- else }} + image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" + {{- end }} + args: + - "-p" + - "15001" + - "-z" + - "15006" + - "-u" + - 1337 + - "-m" + - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + - "-i" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + - "-x" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + - "-b" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" + - "-d" + - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}} + - "-o" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" + {{ end -}} + imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" + {{- if .Values.global.proxy.init.resources }} + resources: + {{ toYaml .Values.global.proxy.init.resources | indent 4 }} + {{- else }} + resources: {} + {{- end }} + securityContext: + runAsUser: 0 + runAsNonRoot: false + capabilities: + add: + - NET_ADMIN + {{- if .Values.global.proxy.privileged }} + privileged: true + {{- end }} + restartPolicy: Always + {{- end }} + {{ end -}} + {{- if eq .Values.global.proxy.enableCoreDump true }} + - name: enable-core-dump + args: + - -c + - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited + command: + - /bin/sh + image: {{ $.Values.global.proxy.enableCoreDumpImage }} + imagePullPolicy: IfNotPresent + resources: {} + securityContext: + runAsUser: 0 + runAsNonRoot: false + privileged: true + {{ end }} + {{- end }} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --configPath + - "{{ .ProxyConfig.ConfigPath }}" + - --binaryPath + - "{{ .ProxyConfig.BinaryPath }}" + - --serviceCluster + {{ if ne "" (index .ObjectMeta.Labels "app") -}} + - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" + {{ else -}} + - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" + {{ end -}} + - --drainDuration + - "{{ formatDuration .ProxyConfig.DrainDuration }}" + - --parentShutdownDuration + - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" + - --discoveryAddress + - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" + {{- if eq .Values.global.proxy.tracer "lightstep" }} + - --lightstepAddress + - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" + - --lightstepAccessToken + - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" + - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} + - --lightstepCacertPath + - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" + {{- else if eq .Values.global.proxy.tracer "zipkin" }} + - --zipkinAddress + - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" + {{- else if eq .Values.global.proxy.tracer "datadog" }} + - --datadogAgentAddress + - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" + {{- end }} + {{- if .Values.global.proxy.logLevel }} + - --proxyLogLevel={{ .Values.global.proxy.logLevel }} + {{- end}} + {{- if .Values.global.proxy.componentLogLevel }} + - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} + {{- end}} + - --dnsRefreshRate + - {{ .Values.global.proxy.dnsRefreshRate }} + - --connectTimeout + - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" + {{- if .Values.global.proxy.envoyStatsd.enabled }} + - --statsdUdpAddress + - "{{ .ProxyConfig.StatsdUdpAddress }}" + {{- end }} + {{- if .Values.global.proxy.envoyMetricsService.enabled }} + - --envoyMetricsServiceAddress + - "{{ .ProxyConfig.GetEnvoyMetricsService.GetAddress }}" + {{- end }} + {{- if .Values.global.proxy.envoyAccessLogService.enabled }} + - --envoyAccessLogService + - '{{ structToJSON .ProxyConfig.EnvoyAccessLogService }}' + {{- end }} + - --proxyAdminPort + - "{{ .ProxyConfig.ProxyAdminPort }}" + {{ if gt .ProxyConfig.Concurrency 0 -}} + - --concurrency + - "{{ .ProxyConfig.Concurrency }}" + {{ end -}} + - --controlPlaneAuthPolicy + - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" + {{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" .Values.global.proxy.statusPort) "0") }} + - --statusPort + - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" + - --applicationPorts + - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" + {{- end }} + {{- if .Values.global.trustDomain }} + - --trust-domain={{ .Values.global.trustDomain }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{if or (ne $index1 0) (ne $index2 0)}},{{end}}{{ structToJSON $p }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multicluster.clusterName `Kubernetes` }}" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if eq .Values.global.proxy.tracer "datadog" }} + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + {{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} + {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + {{- end }} + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SDS_ENABLED + value: {{ $.Values.global.sds.enabled }} + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" + - name: ISTIO_META_INCLUDE_INBOUND_PORTS + value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{ if .ObjectMeta.Annotations }} + - name: ISTIO_METAJSON_ANNOTATIONS + value: | + {{ toJSON .ObjectMeta.Annotations }} + {{ end }} + {{ if .ObjectMeta.Labels }} + - name: ISTIO_METAJSON_LABELS + value: | + {{ toJSON .ObjectMeta.Labels }} + {{ end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: {{ .DeploymentMeta.Name }} + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://api/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.sds.customTokenDirectory }} + - name: ISTIO_META_SDS_TOKEN_PATH + value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if .Values.global.trustDomain }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.trustDomain }}" + {{- end }} + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + readinessProbe: + httpGet: + path: /healthz/ready + port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + {{ end -}} + securityContext: + {{- if .Values.global.proxy.privileged }} + privileged: true + {{- end }} + {{- if ne .Values.global.proxy.enableCoreDump true }} + readOnlyRootFilesystem: true + {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + capabilities: + add: + - NET_ADMIN + runAsGroup: 1337 + {{ else -}} + {{ if .Values.global.sds.enabled }} + runAsGroup: 1337 + {{- end }} + runAsUser: 1337 + {{- end }} + resources: + {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + {{ end}} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + {{ end }} + {{ else -}} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 4 }} + {{- end }} + {{ end -}} + volumeMounts: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + - mountPath: /etc/istio/proxy + name: istio-envoy + {{- if .Values.global.sds.enabled }} + - mountPath: /var/run/sds + name: sds-uds-path + readOnly: true + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.sds.customTokenDirectory }} + - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" + name: custom-sds-token + readOnly: true + {{- end }} + {{- else }} + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} + - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} + name: lightstep-certs + readOnly: true + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{- end }} + volumes: + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + - emptyDir: + medium: Memory + name: istio-envoy + {{- if .Values.global.sds.enabled }} + - name: sds-uds-path + hostPath: + path: /var/run/sds + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if .Values.global.sds.customTokenDirectory }} + - name: custom-sds-token + secret: + secretName: sdstokensecret + {{- end }} + {{- else }} + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 2 }} + {{ end }} + {{ end }} + {{- end }} + {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} + - name: lightstep-certs + secret: + optional: true + secretName: lightstep.cacert + {{- end }} + {{- if .Values.global.podDNSSearchNamespaces }} + dnsConfig: + searches: + {{- range .Values.global.podDNSSearchNamespaces }} + - {{ render . }} + {{- end }} + {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" + values: '{"certmanager":{"enabled":false},"galley":{"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"gcr.io/istio-release","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxy_init"},"sds":{"enabled":true,"token":{"aud":"istio-ca"},"udsPath":"unix:/var/run/sds/uds_path"},"tag":"release-1.3-latest-daily","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true},"image":"galley","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","tolerations":[]},"gateways":{"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"gcr.io/istio-release","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxy_init"},"sds":{"enabled":true,"token":{"aud":"istio-ca"},"udsPath":"unix:/var/run/sds/uds_path"},"tag":"release-1.3-latest-daily","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true},"istio-egressgateway":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":false,"env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"labels":{"app":"istio-egressgateway","istio":"egressgateway"},"nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"ports":[{"name":"http2","port":80},{"name":"https","port":443},{"name":"tls","port":15443,"targetPort":15443}],"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","secretVolumes":[{"mountPath":"/etc/istio/egressgateway-certs","name":"egressgateway-certs","secretName":"istio-egressgateway-certs"},{"mountPath":"/etc/istio/egressgateway-ca-certs","name":"egressgateway-ca-certs","secretName":"istio-egressgateway-ca-certs"}],"serviceAnnotations":{},"tolerations":[],"type":"ClusterIP"},"istio-ilbgateway":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":false,"labels":{"app":"istio-ilbgateway","istio":"ilbgateway"},"loadBalancerIP":"","nodeSelector":{},"podAnnotations":{},"ports":[{"name":"grpc-pilot-mtls","port":15011},{"name":"grpc-pilot","port":15010},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns","port":5353}],"resources":{"requests":{"cpu":"800m","memory":"512Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","secretVolumes":[{"mountPath":"/etc/istio/ilbgateway-certs","name":"ilbgateway-certs","secretName":"istio-ilbgateway-certs"},{"mountPath":"/etc/istio/ilbgateway-ca-certs","name":"ilbgateway-ca-certs","secretName":"istio-ilbgateway-ca-certs"}],"serviceAnnotations":{"cloud.google.com/load-balancer-type":"internal"},"tolerations":[],"type":"LoadBalancer"},"istio-ingressgateway":{"applicationPorts":"","autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":true,"env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"externalIPs":[],"labels":{"app":"istio-ingressgateway","istio":"ingressgateway"},"loadBalancerIP":"","loadBalancerSourceRanges":[],"meshExpansionPorts":[{"name":"tcp-pilot-grpc-tls","port":15011,"targetPort":15011},{"name":"tcp-mixer-grpc-tls","port":15004,"targetPort":15004},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns-tls","port":853,"targetPort":853}],"nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"ports":[{"name":"status-port","port":15020,"targetPort":15020},{"name":"http2","nodePort":31380,"port":80,"targetPort":80},{"name":"https","nodePort":31390,"port":443},{"name":"tcp","nodePort":31400,"port":31400},{"name":"https-kiali","port":15029,"targetPort":15029},{"name":"https-prometheus","port":15030,"targetPort":15030},{"name":"https-grafana","port":15031,"targetPort":15031},{"name":"https-tracing","port":15032,"targetPort":15032},{"name":"tls","port":15443,"targetPort":15443}],"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","sds":{"enabled":false,"image":"node-agent-k8s","resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}},"secretVolumes":[{"mountPath":"/etc/istio/ingressgateway-certs","name":"ingressgateway-certs","secretName":"istio-ingressgateway-certs"},{"mountPath":"/etc/istio/ingressgateway-ca-certs","name":"ingressgateway-ca-certs","secretName":"istio-ingressgateway-ca-certs"}],"serviceAnnotations":{},"tolerations":[],"type":"LoadBalancer"}},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"gcr.io/istio-release","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxy_init"},"sds":{"enabled":true,"token":{"aud":"istio-ca"},"udsPath":"unix:/var/run/sds/uds_path"},"tag":"release-1.3-latest-daily","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true},"grafana":{"enabled":false},"istio_cni":{"enabled":false},"istiocoredns":{"enabled":false},"kiali":{"enabled":false},"mixer":{"adapters":{"kubernetesenv":{"enabled":true},"prometheus":{"enabled":true,"metricsExpiryDuration":"10m"},"stdio":{"enabled":false,"outputAsJson":true},"useAdapterCRDs":false},"env":{"GODEBUG":"gctrace=1","GOMAXPROCS":"6"},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"gcr.io/istio-release","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxy_init"},"sds":{"enabled":true,"token":{"aud":"istio-ca"},"udsPath":"unix:/var/run/sds/uds_path"},"tag":"release-1.3-latest-daily","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true},"image":"mixer","nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"policy":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":true,"replicaCount":1,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%"},"telemetry":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":true,"loadshedding":{"latencyThreshold":"100ms","mode":"enforce"},"replicaCount":1,"reportBatchMaxEntries":100,"reportBatchMaxTime":"1s","resources":{"limits":{"cpu":"4800m","memory":"4G"},"requests":{"cpu":"1000m","memory":"1G"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","sessionAffinityEnabled":false},"tolerations":[]},"nodeagent":{"enabled":true,"env":{"CA_ADDR":"istio-citadel:8060","CA_PROVIDER":"Citadel","PLUGINS":"","VALID_TOKEN":true},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"gcr.io/istio-release","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxy_init"},"sds":{"enabled":true,"token":{"aud":"istio-ca"},"udsPath":"unix:/var/run/sds/uds_path"},"tag":"release-1.3-latest-daily","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true},"image":"node-agent-k8s","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"tolerations":[]},"pilot":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enableProtocolSniffingForInbound":false,"enableProtocolSniffingForOutbound":true,"enabled":true,"env":{"GODEBUG":"gctrace=1","PILOT_PUSH_THROTTLE":100},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"gcr.io/istio-release","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxy_init"},"sds":{"enabled":true,"token":{"aud":"istio-ca"},"udsPath":"unix:/var/run/sds/uds_path"},"tag":"release-1.3-latest-daily","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true},"image":"pilot","keepaliveMaxServerConnectionAge":"30m","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"resources":{"requests":{"cpu":"500m","memory":"2048Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","sidecar":true,"tolerations":[],"traceSampling":1},"prometheus":{"contextPath":"/prometheus","enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"gcr.io/istio-release","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxy_init"},"sds":{"enabled":true,"token":{"aud":"istio-ca"},"udsPath":"unix:/var/run/sds/uds_path"},"tag":"release-1.3-latest-daily","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true},"hub":"docker.io/prom","image":"prometheus","ingress":{"annotations":null,"enabled":false,"hosts":["prometheus.local"],"tls":null},"nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"retention":"6h","scrapeInterval":"15s","security":{"enabled":true},"service":{"annotations":{},"nodePort":{"enabled":false,"port":32090}},"tag":"v2.8.0","tolerations":[]},"security":{"citadelHealthCheck":false,"createMeshPolicy":true,"enableNamespacesByDefault":true,"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"gcr.io/istio-release","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxy_init"},"sds":{"enabled":true,"token":{"aud":"istio-ca"},"udsPath":"unix:/var/run/sds/uds_path"},"tag":"release-1.3-latest-daily","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true},"image":"citadel","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":true,"tolerations":[],"workloadCertTtl":"2160h"},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableNamespacesByDefault":false,"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"gcr.io/istio-release","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxy_init"},"sds":{"enabled":true,"token":{"aud":"istio-ca"},"udsPath":"unix:/var/run/sds/uds_path"},"tag":"release-1.3-latest-daily","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true},"image":"sidecar_injector","neverInjectSelector":[],"nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","tolerations":[]},"tracing":{"enabled":false}}' +kind: ConfigMap +metadata: + labels: + app: istio + istio: sidecar-injector + name: istio-sidecar-injector + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio.yaml new file mode 100644 index 0000000000..212eae498f --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_istio.yaml @@ -0,0 +1,137 @@ +apiVersion: v1 +data: + mesh: |- + # Set the following variable to true to disable policy checks by the Mixer. + # Note that metrics will still be reported to the Mixer. + disablePolicyChecks: true + # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server + reportBatchMaxEntries: 100 + # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server + reportBatchMaxTime: 1s + + # Set enableTracing to false to disable request tracing. + enableTracing: true + + # Set accessLogFile to empty string to disable access log. + accessLogFile: "" + + # If accessLogEncoding is TEXT, value will be used directly as the log format + # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" + # If AccessLogEncoding is JSON, value will be parsed as map[string]string + # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' + # Leave empty to use default log format + accessLogFormat: "" + + # Set accessLogEncoding to JSON or TEXT to configure sidecar access log + accessLogEncoding: 'TEXT' + + enableEnvoyAccessLogService: false + mixerCheckServer: istio-policy.istio-system.svc.cluster.local:15004 + mixerReportServer: istio-telemetry.istio-system.svc.cluster.local:15004 + # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. + # Default is false which means the traffic is denied when the client is unable to connect to Mixer. + policyCheckFailOpen: false + # Let Pilot give ingresses the public IP of the Istio ingressgateway + ingressService: istio-ingressgateway + + # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS + connectTimeout: 10s + + # Automatic protocol detection uses a set of heuristics to + # determine whether the connection is using TLS or not (on the + # server side), as well as the application protocol being used + # (e.g., http vs tcp). These heuristics rely on the client sending + # the first bits of data. For server first protocols like MySQL, + # MongoDB, etc., Envoy will timeout on the protocol detection after + # the specified period, defaulting to non mTLS plain TCP + # traffic. Set this field to tweak the period that Envoy will wait + # for the client to send the first bits of data. (MUST BE >=1ms) + protocolDetectionTimeout: 100ms + + # DNS refresh rate for Envoy clusters of type STRICT_DNS + dnsRefreshRate: 300s + + # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get + # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. + sdsUdsPath: "unix:/var/run/sds/uds_path" + + # The trust domain corresponds to the trust root of a system. + # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain + trustDomain: "" + + # Set the default behavior of the sidecar for handling outbound traffic from the application: + # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no + # services or ServiceEntries for the destination port + # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well + # as those defined through ServiceEntries + outboundTrafficPolicy: + mode: ALLOW_ANY + localityLbSetting: + enabled: true + # The namespace to treat as the administrative root namespace for istio + # configuration. + rootNamespace: istio-system + configSources: + - address: istio-galley.istio-system.svc:9901 + tlsSettings: + mode: ISTIO_MUTUAL + + defaultConfig: + # + # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters + # defined in Envoy's configuration file + connectTimeout: 10s + # + ### ADVANCED SETTINGS ############# + # Where should envoy's configuration be stored in the istio-proxy container + configPath: "/etc/istio/proxy" + binaryPath: "/usr/local/bin/envoy" + # The pseudo service name used for Envoy. + serviceCluster: istio-proxy + # These settings that determine how long an old Envoy + # process should be kept alive after an occasional reload. + drainDuration: 45s + parentShutdownDuration: 1m0s + # + # The mode used to redirect inbound connections to Envoy. This setting + # has no effect on outbound traffic: iptables REDIRECT is always used for + # outbound connections. + # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. + # The "REDIRECT" mode loses source addresses during redirection. + # If "TPROXY", use iptables TPROXY to redirect to Envoy. + # The "TPROXY" mode preserves both the source and destination IP + # addresses and ports, so that they can be used for advanced filtering + # and manipulation. + # The "TPROXY" mode also configures the sidecar to run with the + # CAP_NET_ADMIN capability, which is required to use TPROXY. + #interceptionMode: REDIRECT + # + # Port where Envoy listens (on local host) for admin commands + # You can exec into the istio-proxy container in a pod and + # curl the admin port (curl http://localhost:15000/) to obtain + # diagnostic information from Envoy. See + # https://lyft.github.io/envoy/docs/operations/admin.html + # for more details + proxyAdminPort: 15000 + # + # Set concurrency to a specific number to control the number of Proxy worker threads. + # If set to 0 (default), then start worker thread for each CPU thread/core. + concurrency: 2 + # + tracing: + zipkin: + # Address of the Zipkin collector + address: zipkin.istio-system:9411 + # + # Mutual TLS authentication between sidecars and istio control plane. + controlPlaneAuthPolicy: MUTUAL_TLS + # + # Address where istio Pilot service is running + discoveryAddress: istio-pilot.istio-system:15011 + meshNetworks: 'networks: {}' +kind: ConfigMap +metadata: + labels: + app: istio + name: istio + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_prometheus.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_prometheus.yaml new file mode 100644 index 0000000000..bab14b0984 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_configmap_prometheus.yaml @@ -0,0 +1,276 @@ +apiVersion: v1 +data: + prometheus.yaml: |- + global: + scrape_interval: 15s + scrape_configs: + + - job_name: 'istio-mesh' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-telemetry;prometheus + + # Scrape config for envoy stats + - job_name: 'envoy-stats' + metrics_path: /stats/prometheus + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:15090 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name + + - job_name: 'istio-policy' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-policy;http-monitoring + + - job_name: 'istio-telemetry' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-telemetry;http-monitoring + + - job_name: 'pilot' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-pilot;http-monitoring + + - job_name: 'galley' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-galley;http-monitoring + + - job_name: 'citadel' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-citadel;http-monitoring + + # scrape config for API servers + - job_name: 'kubernetes-apiservers' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - default + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: kubernetes;https + + # scrape config for nodes (kubelet) + - job_name: 'kubernetes-nodes' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics + + # Scrape config for Kubelet cAdvisor. + # + # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics + # (those whose names begin with 'container_') have been removed from the + # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to + # retrieve those metrics. + # + # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor + # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" + # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with + # the --cadvisor-port=0 Kubelet flag). + # + # This job is not necessary and should be removed in Kubernetes 1.6 and + # earlier versions, or it will cause the metrics to be scraped twice. + - job_name: 'kubernetes-cadvisor' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor + + # scrape config for service endpoints. + - job_name: 'kubernetes-service-endpoints' + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: + - role: pod + relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" + - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: keep + regex: ((;.*)|(.*;http)) + - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] + action: drop + regex: (true) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name + + - job_name: 'kubernetes-pods-istio-secure' + scheme: https + tls_config: + ca_file: /etc/istio-certs/root-cert.pem + cert_file: /etc/istio-certs/cert-chain.pem + key_file: /etc/istio-certs/key.pem + insecure_skip_verify: true # prometheus does not support secure naming. + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + # sidecar status annotation is added by sidecar injector and + # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. + - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] + action: keep + regex: (([^;]+);([^;]*))|(([^;]*);(true)) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: drop + regex: (http) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__] # Only keep address that is host:port + action: keep # otherwise an extra target with ':443' is added for https scheme + regex: ([^:]+):(\d+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name +kind: ConfigMap +metadata: + name: prometheus + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_namespace_istio-system.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_namespace_istio-system.yaml new file mode 100644 index 0000000000..f394e916f9 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_namespace_istio-system.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-citadel.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-citadel.yaml new file mode 100644 index 0000000000..852fd9feff --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-citadel.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: security + istio: citadel + name: istio-citadel + namespace: istio-system +spec: + ports: + - name: grpc-citadel + port: 8060 + protocol: TCP + targetPort: 8060 + - name: http-monitoring + port: 15014 + selector: + istio: citadel diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-galley.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-galley.yaml new file mode 100644 index 0000000000..ea2d39ca12 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-galley.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: galley + istio: galley + name: istio-galley + namespace: istio-system +spec: + ports: + - name: https-validation + port: 443 + - name: http-monitoring + port: 15014 + - name: grpc-mcp + port: 9901 + selector: + istio: galley diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml new file mode 100644 index 0000000000..a590dc8ab9 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml @@ -0,0 +1,44 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + beta.cloud.google.com/backend-config: '{"ports": {"http2":"iap-backendconfig"}}' + labels: + app: istio-ingressgateway + istio: ingressgateway + name: istio-ingressgateway + namespace: istio-system +spec: + ports: + - name: status-port + port: 15020 + targetPort: 15020 + - name: http2 + nodePort: 31380 + port: 80 + targetPort: 80 + - name: https + nodePort: 31390 + port: 443 + - name: tcp + nodePort: 31400 + port: 31400 + - name: https-kiali + port: 15029 + targetPort: 15029 + - name: https-prometheus + port: 15030 + targetPort: 15030 + - name: https-grafana + port: 15031 + targetPort: 15031 + - name: https-tracing + port: 15032 + targetPort: 15032 + - name: tls + port: 15443 + targetPort: 15443 + selector: + app: istio-ingressgateway + istio: ingressgateway + type: NodePort diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-pilot.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-pilot.yaml new file mode 100644 index 0000000000..7f7aac66b2 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-pilot.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: pilot + istio: pilot + name: istio-pilot + namespace: istio-system +spec: + ports: + - name: grpc-xds + port: 15010 + - name: https-xds + port: 15011 + - name: http-legacy-discovery + port: 8080 + - name: http-monitoring + port: 15014 + selector: + istio: pilot diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-policy.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-policy.yaml new file mode 100644 index 0000000000..92eddb06cd --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-policy.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + networking.istio.io/exportTo: '*' + labels: + app: mixer + istio: mixer + name: istio-policy + namespace: istio-system +spec: + ports: + - name: grpc-mixer + port: 9091 + - name: grpc-mixer-mtls + port: 15004 + - name: http-monitoring + port: 15014 + selector: + istio: mixer + istio-mixer-type: policy diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml new file mode 100644 index 0000000000..2013882d45 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: sidecarInjectorWebhook + istio: sidecar-injector + name: istio-sidecar-injector + namespace: istio-system +spec: + ports: + - name: https-inject + port: 443 + - name: http-monitoring + port: 15014 + selector: + istio: sidecar-injector diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml new file mode 100644 index 0000000000..b02397a061 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + networking.istio.io/exportTo: '*' + labels: + app: mixer + istio: mixer + name: istio-telemetry + namespace: istio-system +spec: + ports: + - name: grpc-mixer + port: 9091 + - name: grpc-mixer-mtls + port: 15004 + - name: http-monitoring + port: 15014 + - name: prometheus + port: 42422 + selector: + istio: mixer + istio-mixer-type: telemetry diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_prometheus.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_prometheus.yaml new file mode 100644 index 0000000000..147fda3aac --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_service_prometheus.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/scrape: "true" + labels: + app: prometheus + name: prometheus + namespace: istio-system +spec: + ports: + - name: http-prometheus + port: 9090 + protocol: TCP + selector: + app: prometheus diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml new file mode 100644 index 0000000000..bfd1afc2a9 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: security + name: istio-citadel-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml new file mode 100644 index 0000000000..a1fdfb36c4 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: galley + name: istio-galley-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml new file mode 100644 index 0000000000..7d7230c868 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: istio-ingressgateway + name: istio-ingressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml new file mode 100644 index 0000000000..9630e83a84 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: mixer + name: istio-mixer-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml new file mode 100644 index 0000000000..2ae58c18b5 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-multi + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-nodeagent-service-account.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-nodeagent-service-account.yaml new file mode 100644 index 0000000000..74f7f7a736 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-nodeagent-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: nodeagent + name: istio-nodeagent-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml new file mode 100644 index 0000000000..066bd7fa6e --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: pilot + name: istio-pilot-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml new file mode 100644 index 0000000000..26c77ce158 --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: security + name: istio-security-post-install-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml new file mode 100644 index 0000000000..3b225d382e --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: sidecarInjectorWebhook + istio: sidecar-injector + name: istio-sidecar-injector-service-account + namespace: istio-system diff --git a/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml new file mode 100644 index 0000000000..1cb719e1cd --- /dev/null +++ b/tests/stacks/azure/application/istio-1-3-1-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: prometheus + name: prometheus + namespace: istio-system diff --git a/tests/stacks/azure/application/istio/kustomize_test.go b/tests/stacks/azure/application/istio/kustomize_test.go new file mode 100644 index 0000000000..50d1f67310 --- /dev/null +++ b/tests/stacks/azure/application/istio/kustomize_test.go @@ -0,0 +1,15 @@ +package istio + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/istio", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml new file mode 100644 index 0000000000..761c72b28c --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml @@ -0,0 +1,15 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: kubeflow-gateway + namespace: kubeflow +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP diff --git a/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml new file mode 100644 index 0000000000..8b72b89b40 --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: google-api-entry + namespace: kubeflow +spec: + hosts: + - www.googleapis.com + location: MESH_EXTERNAL + ports: + - name: https + number: 443 + protocol: HTTPS + resolution: DNS diff --git a/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml new file mode 100644 index 0000000000..25a4323d96 --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: google-storage-api-entry + namespace: kubeflow +spec: + hosts: + - storage.googleapis.com + location: MESH_EXTERNAL + ports: + - name: https + number: 443 + protocol: HTTPS + resolution: DNS diff --git a/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml new file mode 100644 index 0000000000..962ff0ad0f --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: google-api-vs + namespace: kubeflow +spec: + hosts: + - www.googleapis.com + tls: + - match: + - port: 443 + sni_hosts: + - www.googleapis.com + route: + - destination: + host: www.googleapis.com + port: + number: 443 + weight: 100 diff --git a/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml new file mode 100644 index 0000000000..0a36119b53 --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: google-storage-api-vs + namespace: kubeflow +spec: + hosts: + - storage.googleapis.com + tls: + - match: + - port: 443 + sni_hosts: + - storage.googleapis.com + route: + - destination: + host: storage.googleapis.com + port: + number: 443 + weight: 100 diff --git a/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml new file mode 100644 index 0000000000..f3c49cca8e --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml @@ -0,0 +1,23 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: grafana-vs + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - method: + exact: GET + uri: + prefix: /istio/grafana/ + rewrite: + uri: / + route: + - destination: + host: grafana.istio-system.svc.cluster.local + port: + number: 3000 diff --git a/tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml b/tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml new file mode 100644 index 0000000000..b9f424a12f --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-istio-admin +rules: [] diff --git a/tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml b/tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml new file mode 100644 index 0000000000..fa0a1943e0 --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true" + name: kubeflow-istio-edit +rules: +- apiGroups: + - istio.io + - networking.istio.io + resources: + - '*' + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml b/tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml new file mode 100644 index 0000000000..daf4419193 --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-istio-view +rules: +- apiGroups: + - istio.io + - networking.istio.io + resources: + - '*' + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml b/tests/stacks/azure/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml new file mode 100644 index 0000000000..9c7e471ebc --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.istio.io/v1alpha1 +kind: ClusterRbacConfig +metadata: + name: default + namespace: kubeflow +spec: + exclusion: + namespaces: + - istio-system + mode: "OFF" diff --git a/tests/stacks/azure/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml b/tests/stacks/azure/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml new file mode 100644 index 0000000000..ccc61b697b --- /dev/null +++ b/tests/stacks/azure/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + clusterRbacConfig: "OFF" + gatewaySelector: ingressgateway +kind: ConfigMap +metadata: + annotations: {} + labels: {} + name: istio-parameters-t6hhgfg9k2 + namespace: kubeflow diff --git a/tests/stacks/azure/application/jupyter-web-app/base/kustomize_test.go b/tests/stacks/azure/application/jupyter-web-app/base/kustomize_test.go new file mode 100644 index 0000000000..9415d350f4 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/kustomize_test.go @@ -0,0 +1,15 @@ +package base + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../../stacks/azure/application/jupyter-web-app/base", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml new file mode 100644 index 0000000000..7c172e2e6e --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + spec: + containers: + - env: + - name: ROK_SECRET_NAME + valueFrom: + configMapKeyRef: + key: ROK_SECRET_NAME + name: jupyter-web-app-parameters + - name: UI + valueFrom: + configMapKeyRef: + key: UI + name: jupyter-web-app-parameters + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config + image: gcr.io/kubeflow-images-public/jupyter-web-app:vmaster-gd9be4b9e + imagePullPolicy: Always + name: jupyter-web-app + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /etc/config + name: config-volume + serviceAccountName: jupyter-web-app-service-account + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config + name: config-volume diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml new file mode 100644 index 0000000000..0c0539fd4b --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml @@ -0,0 +1,59 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml new file mode 100644 index 0000000000..7372f11b74 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: jupyter-web-app-kubeflow-notebook-ui-admin +rules: [] diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml new file mode 100644 index 0000000000..6e3413fe9a --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: jupyter-web-app-kubeflow-notebook-ui-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml new file mode 100644 index 0000000000..7efa2fe3c1 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: jupyter-web-app-kubeflow-notebook-ui-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml new file mode 100644 index 0000000000..c5aa988709 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jupyter-web-app-cluster-role +subjects: +- kind: ServiceAccount + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml new file mode 100644 index 0000000000..569a985b15 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml new file mode 100644 index 0000000000..4bf3335ba0 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jupyter-web-app-jupyter-notebook-role +subjects: +- kind: ServiceAccount + name: jupyter-notebook diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml new file mode 100644 index 0000000000..60115c258f --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: |- + # Configuration file for the Jupyter UI. + # + # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' + # - The 'value' key contains the default value + # - The 'readOnly' key determines if the option will be available to users + # + # If the 'readOnly' key is present and set to 'true', the respective option + # will be disabled for users and only set by the admin. Also when a + # Notebook is POSTED to the API if a necessary field is not present then + # the value from the config will be used. + # + # If the 'readOnly' key is missing (defaults to 'false'), the respective option + # will be available for users to edit. + # + # Note that some values can be templated. Such values are the names of the + # Volumes as well as their StorageClass + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + # The list of available standard container Images + options: + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 + # By default, custom container Images are allowed + # Uncomment the following line to only enable standard container Images + readOnly: false + cpu: + # CPU for user's Notebook + value: '0.5' + readOnly: false + memory: + # Memory for user's Notebook + value: 1.0Gi + readOnly: false + workspaceVolume: + # Workspace Volume to be attached to user's Notebook + # Each Workspace Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + value: + type: + # The Type of the Workspace Volume + # Supported values: 'New', 'Existing' + value: New + name: + # The Name of the Workspace Volume + # Note that this is a templated value. Special values: + # {notebook-name}: Replaced with the name of the Notebook. The frontend + # will replace this value as the user types the name + value: 'workspace-{notebook-name}' + size: + # The Size of the Workspace Volume (in Gi) + value: '10Gi' + mountPath: + # The Path that the Workspace Volume will be mounted + value: /home/jovyan + accessModes: + # The Access Mode of the Workspace Volume + # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' + value: ReadWriteOnce + class: + # The StrageClass the PVC will use if type is New. Special values are: + # {none}: default StorageClass + # {empty}: empty string "" + value: '{none}' + readOnly: false + dataVolumes: + # List of additional Data Volumes to be attached to the user's Notebook + value: [] + # Each Data Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + # + # For example, a list with 2 Data Volumes: + # value: + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-1' + # size: + # value: '10Gi' + # class: + # value: standard + # mountPath: + # value: /home/jovyan/vol-1 + # accessModes: + # value: ReadWriteOnce + # class: + # value: {none} + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-2' + # size: + # value: '10Gi' + # mountPath: + # value: /home/jovyan/vol-2 + # accessModes: + # value: ReadWriteMany + # class: + # value: {none} + readOnly: false + gpus: + # Number of GPUs to be assigned to the Notebook Container + value: + # values: "none", "1", "2", "4", "8" + num: "none" + # Determines what the UI will show and send to the backend + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + # Values: "" or a `limits-key` from the vendors list + vendor: "" + readOnly: false + shm: + value: true + readOnly: false + configurations: + # List of labels to be selected, these are the labels from PodDefaults + # value: + # - add-gcp-secret + # - default-editor + value: [] + readOnly: false +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config + namespace: kubeflow diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml new file mode 100644 index 0000000000..e089825a84 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + ROK_SECRET_NAME: secret-rok-{username} + UI: default + policy: Always + prefix: jupyter +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-parameters + namespace: kubeflow diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml new file mode 100644 index 0000000000..098ea28b6d --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: webapp_mapping + prefix: /jupyter/ + service: jupyter-web-app-service.$(namespace) + add_request_headers: + x-forwarded-prefix: /jupyter + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + run: jupyter-web-app + name: jupyter-web-app-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + type: ClusterIP diff --git a/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml new file mode 100644 index 0000000000..0c14927726 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/base/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/application/jupyter-web-app/kustomize_test.go b/tests/stacks/azure/application/jupyter-web-app/kustomize_test.go new file mode 100644 index 0000000000..cd4f9af5c3 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/kustomize_test.go @@ -0,0 +1,15 @@ +package jupyter_web_app + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/jupyter-web-app", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml new file mode 100644 index 0000000000..cef234ad80 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml @@ -0,0 +1,53 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + name: jupyter-web-app + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a UI which allows the user to create/conect/delete jupyter + notebooks. + keywords: + - jupyterhub + - jupyter ui + - notebooks + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/jupyter-web-app + - description: Docs + url: https://www.kubeflow.org/docs/notebooks + maintainers: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + owners: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + type: jupyter-web-app + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/instance: jupyter-web-app-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: jupyter-web-app + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml new file mode 100644 index 0000000000..7c172e2e6e --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + spec: + containers: + - env: + - name: ROK_SECRET_NAME + valueFrom: + configMapKeyRef: + key: ROK_SECRET_NAME + name: jupyter-web-app-parameters + - name: UI + valueFrom: + configMapKeyRef: + key: UI + name: jupyter-web-app-parameters + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config + image: gcr.io/kubeflow-images-public/jupyter-web-app:vmaster-gd9be4b9e + imagePullPolicy: Always + name: jupyter-web-app + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /etc/config + name: config-volume + serviceAccountName: jupyter-web-app-service-account + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config + name: config-volume diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml new file mode 100644 index 0000000000..df4b224d44 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: jupyter-web-app + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /jupyter + match: + - uri: + prefix: /jupyter/ + rewrite: + uri: / + route: + - destination: + host: jupyter-web-app-service.$(namespace).svc.$(clusterDomain) + port: + number: 80 diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml new file mode 100644 index 0000000000..0c0539fd4b --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml @@ -0,0 +1,59 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml new file mode 100644 index 0000000000..7372f11b74 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: jupyter-web-app-kubeflow-notebook-ui-admin +rules: [] diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml new file mode 100644 index 0000000000..6e3413fe9a --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: jupyter-web-app-kubeflow-notebook-ui-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml new file mode 100644 index 0000000000..7efa2fe3c1 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: jupyter-web-app-kubeflow-notebook-ui-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml new file mode 100644 index 0000000000..c5aa988709 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jupyter-web-app-cluster-role +subjects: +- kind: ServiceAccount + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml new file mode 100644 index 0000000000..569a985b15 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml new file mode 100644 index 0000000000..4bf3335ba0 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jupyter-web-app-jupyter-notebook-role +subjects: +- kind: ServiceAccount + name: jupyter-notebook diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml new file mode 100644 index 0000000000..60115c258f --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: |- + # Configuration file for the Jupyter UI. + # + # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' + # - The 'value' key contains the default value + # - The 'readOnly' key determines if the option will be available to users + # + # If the 'readOnly' key is present and set to 'true', the respective option + # will be disabled for users and only set by the admin. Also when a + # Notebook is POSTED to the API if a necessary field is not present then + # the value from the config will be used. + # + # If the 'readOnly' key is missing (defaults to 'false'), the respective option + # will be available for users to edit. + # + # Note that some values can be templated. Such values are the names of the + # Volumes as well as their StorageClass + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + # The list of available standard container Images + options: + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 + # By default, custom container Images are allowed + # Uncomment the following line to only enable standard container Images + readOnly: false + cpu: + # CPU for user's Notebook + value: '0.5' + readOnly: false + memory: + # Memory for user's Notebook + value: 1.0Gi + readOnly: false + workspaceVolume: + # Workspace Volume to be attached to user's Notebook + # Each Workspace Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + value: + type: + # The Type of the Workspace Volume + # Supported values: 'New', 'Existing' + value: New + name: + # The Name of the Workspace Volume + # Note that this is a templated value. Special values: + # {notebook-name}: Replaced with the name of the Notebook. The frontend + # will replace this value as the user types the name + value: 'workspace-{notebook-name}' + size: + # The Size of the Workspace Volume (in Gi) + value: '10Gi' + mountPath: + # The Path that the Workspace Volume will be mounted + value: /home/jovyan + accessModes: + # The Access Mode of the Workspace Volume + # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' + value: ReadWriteOnce + class: + # The StrageClass the PVC will use if type is New. Special values are: + # {none}: default StorageClass + # {empty}: empty string "" + value: '{none}' + readOnly: false + dataVolumes: + # List of additional Data Volumes to be attached to the user's Notebook + value: [] + # Each Data Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + # + # For example, a list with 2 Data Volumes: + # value: + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-1' + # size: + # value: '10Gi' + # class: + # value: standard + # mountPath: + # value: /home/jovyan/vol-1 + # accessModes: + # value: ReadWriteOnce + # class: + # value: {none} + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-2' + # size: + # value: '10Gi' + # mountPath: + # value: /home/jovyan/vol-2 + # accessModes: + # value: ReadWriteMany + # class: + # value: {none} + readOnly: false + gpus: + # Number of GPUs to be assigned to the Notebook Container + value: + # values: "none", "1", "2", "4", "8" + num: "none" + # Determines what the UI will show and send to the backend + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + # Values: "" or a `limits-key` from the vendors list + vendor: "" + readOnly: false + shm: + value: true + readOnly: false + configurations: + # List of labels to be selected, these are the labels from PodDefaults + # value: + # - add-gcp-secret + # - default-editor + value: [] + readOnly: false +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config + namespace: kubeflow diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml new file mode 100644 index 0000000000..e089825a84 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + ROK_SECRET_NAME: secret-rok-{username} + UI: default + policy: Always + prefix: jupyter +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-parameters + namespace: kubeflow diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml new file mode 100644 index 0000000000..098ea28b6d --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: webapp_mapping + prefix: /jupyter/ + service: jupyter-web-app-service.$(namespace) + add_request_headers: + x-forwarded-prefix: /jupyter + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + run: jupyter-web-app + name: jupyter-web-app-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + type: ClusterIP diff --git a/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml new file mode 100644 index 0000000000..0c14927726 --- /dev/null +++ b/tests/stacks/azure/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/application/oidc-authservice/kustomize_test.go b/tests/stacks/azure/application/oidc-authservice/kustomize_test.go new file mode 100644 index 0000000000..65c7e3061c --- /dev/null +++ b/tests/stacks/azure/application/oidc-authservice/kustomize_test.go @@ -0,0 +1,15 @@ +package oidc_authservice + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/oidc-authservice", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/oidc-authservice/test_data/expected/app.k8s.io_v1beta1_application_oidc-authservice.yaml b/tests/stacks/azure/application/oidc-authservice/test_data/expected/app.k8s.io_v1beta1_application_oidc-authservice.yaml new file mode 100644 index 0000000000..d9c3eddc26 --- /dev/null +++ b/tests/stacks/azure/application/oidc-authservice/test_data/expected/app.k8s.io_v1beta1_application_oidc-authservice.yaml @@ -0,0 +1,47 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice + name: oidc-authservice + namespace: istio-system +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: StatefulSet + - group: core + kind: Service + - group: core + kind: PersistentVolumeClaim + - group: networking.istio.io + kind: EnvoyFilter + descriptor: + description: Provides OIDC-based authentication for Kubeflow Applications, at + the Istio Gateway. + keywords: + - oidc + - authservice + - authentication + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/oidc-authservice + - description: Docs + url: https://www.kubeflow.org/docs/started/k8s/kfctl-existing-arrikto + maintainers: + - email: yanniszark@arrikto.com + name: Yannis Zarkadas + owners: + - email: yanniszark@arrikto.com + name: Yannis Zarkadas + type: oidc-authservice + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/instance: oidc-authservice-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: oidc-authservice + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/application/oidc-authservice/test_data/expected/apps_v1_statefulset_authservice.yaml b/tests/stacks/azure/application/oidc-authservice/test_data/expected/apps_v1_statefulset_authservice.yaml new file mode 100644 index 0000000000..ef1dcd82a8 --- /dev/null +++ b/tests/stacks/azure/application/oidc-authservice/test_data/expected/apps_v1_statefulset_authservice.yaml @@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice + name: authservice + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: authservice + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice + serviceName: authservice + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: authservice + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice + spec: + containers: + - env: + - name: USERID_HEADER + value: kubeflow-userid + - name: USERID_PREFIX + value: "" + - name: USERID_CLAIM + value: email + - name: OIDC_PROVIDER + value: https://login.microsoftonline.com//v2.0 + - name: OIDC_AUTH_URL + value: https://login.microsoftonline.com//oauth2/v2.0/authorize + - name: OIDC_SCOPES + value: profile email groups + - name: REDIRECT_URL + value: https:///login/oidc + - name: SKIP_AUTH_URI + value: "" + - name: PORT + value: "8080" + - name: CLIENT_ID + value: + - name: CLIENT_SECRET + value: + - name: STORE_PATH + value: /var/lib/authservice/data.db + image: gcr.io/arrikto/kubeflow/oidc-authservice:28c59ef + imagePullPolicy: Always + name: authservice + ports: + - containerPort: 8080 + name: http-api + readinessProbe: + httpGet: + path: / + port: 8081 + volumeMounts: + - mountPath: /var/lib/authservice + name: data + securityContext: + fsGroup: 111 + volumes: + - name: data + persistentVolumeClaim: + claimName: authservice-pvc diff --git a/tests/stacks/azure/application/oidc-authservice/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_authn-filter.yaml b/tests/stacks/azure/application/oidc-authservice/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_authn-filter.yaml new file mode 100644 index 0000000000..510e1df10f --- /dev/null +++ b/tests/stacks/azure/application/oidc-authservice/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_authn-filter.yaml @@ -0,0 +1,36 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + labels: + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice + name: authn-filter + namespace: istio-system +spec: + filters: + - filterConfig: + httpService: + authorizationRequest: + allowedHeaders: + patterns: + - exact: cookie + - exact: X-Auth-Token + authorizationResponse: + allowedUpstreamHeaders: + patterns: + - exact: kubeflow-userid + serverUri: + cluster: outbound|8080||authservice.istio-system.svc.cluster.local + failureModeAllow: false + timeout: 10s + uri: http://authservice.istio-system.svc.cluster.local + statusOnError: + code: GatewayTimeout + filterName: envoy.ext_authz + filterType: HTTP + insertPosition: + index: FIRST + listenerMatch: + listenerType: GATEWAY + workloadLabels: + istio: ingressgateway diff --git a/tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml b/tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml new file mode 100644 index 0000000000..8cd96e5509 --- /dev/null +++ b/tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +data: + application_secret: + client_id: + gatewaySelector: ingressgateway + namespace: istio-system + oidc_auth_url: https://login.microsoftonline.com//oauth2/v2.0/authorize + oidc_provider: https://login.microsoftonline.com//v2.0 + oidc_redirect_uri: https:///login/oidc + skip_auth_uri: "" + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice + name: oidc-authservice-parameters + namespace: istio-system diff --git a/tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_persistentvolumeclaim_authservice-pvc.yaml b/tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_persistentvolumeclaim_authservice-pvc.yaml new file mode 100644 index 0000000000..7496a46ef8 --- /dev/null +++ b/tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_persistentvolumeclaim_authservice-pvc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice + name: authservice-pvc + namespace: istio-system +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_service_authservice.yaml b/tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_service_authservice.yaml new file mode 100644 index 0000000000..0884d424a4 --- /dev/null +++ b/tests/stacks/azure/application/oidc-authservice/test_data/expected/~g_v1_service_authservice.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice + name: authservice + namespace: istio-system +spec: + ports: + - name: http-authservice + port: 8080 + targetPort: http-api + publishNotReadyAddresses: true + selector: + app: authservice + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice + type: ClusterIP diff --git a/tests/stacks/azure/application/spark-operator/kustomize_test.go b/tests/stacks/azure/application/spark-operator/kustomize_test.go new file mode 100644 index 0000000000..ccf0e5f005 --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/kustomize_test.go @@ -0,0 +1,15 @@ +package spark_operator + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/spark-operator", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml new file mode 100644 index 0000000000..ddd151fa47 --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml @@ -0,0 +1,2550 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: scheduledsparkapplications.sparkoperator.k8s.io +spec: + group: sparkoperator.k8s.io + names: + kind: ScheduledSparkApplication + listKind: ScheduledSparkApplicationList + plural: scheduledsparkapplications + shortNames: + - scheduledsparkapp + singular: scheduledsparkapplication + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + concurrencyPolicy: + type: string + failedRunHistoryLimit: + format: int32 + type: integer + schedule: + type: string + successfulRunHistoryLimit: + format: int32 + type: integer + suspend: + type: boolean + template: + properties: + arguments: + items: + type: string + type: array + batchScheduler: + type: string + batchSchedulerOptions: + properties: + priorityClassName: + type: string + queue: + type: string + type: object + deps: + properties: + downloadTimeout: + format: int32 + minimum: 1 + type: integer + files: + items: + type: string + type: array + filesDownloadDir: + type: string + jars: + items: + type: string + type: array + jarsDownloadDir: + type: string + maxSimultaneousDownloads: + format: int32 + minimum: 1 + type: integer + pyFiles: + items: + type: string + type: array + type: object + driver: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podName: + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + serviceAccount: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + executor: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + coreRequest: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + instances: + format: int32 + minimum: 1 + type: integer + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + failureRetries: + format: int32 + type: integer + hadoopConf: + additionalProperties: + type: string + type: object + hadoopConfigMap: + type: string + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + initContainerImage: + type: string + mainApplicationFile: + type: string + mainClass: + type: string + memoryOverheadFactor: + type: string + mode: + enum: + - cluster + - client + type: string + monitoring: + properties: + exposeDriverMetrics: + type: boolean + exposeExecutorMetrics: + type: boolean + metricsProperties: + type: string + prometheus: + properties: + configFile: + type: string + configuration: + type: string + jmxExporterJar: + type: string + port: + format: int32 + maximum: 49151 + minimum: 1024 + type: integer + required: + - jmxExporterJar + type: object + required: + - exposeDriverMetrics + - exposeExecutorMetrics + type: object + nodeSelector: + additionalProperties: + type: string + type: object + pythonVersion: + enum: + - "2" + - "3" + type: string + restartPolicy: + properties: + onFailureRetries: + format: int32 + minimum: 0 + type: integer + onFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + onSubmissionFailureRetries: + format: int32 + minimum: 0 + type: integer + onSubmissionFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + type: + enum: + - Never + - Always + - OnFailure + type: string + type: object + retryInterval: + format: int64 + type: integer + sparkConf: + additionalProperties: + type: string + type: object + sparkConfigMap: + type: string + sparkVersion: + type: string + timeToLiveSeconds: + format: int64 + type: integer + type: + enum: + - Java + - Python + - Scala + - R + type: string + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - driver + - executor + - mainApplicationFile + - sparkVersion + - type + type: object + required: + - schedule + - template + type: object + required: + - metadata + - spec + type: object + version: v1beta2 + versions: + - name: v1beta2 + served: true + storage: true diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml new file mode 100644 index 0000000000..bf9aacd2ff --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml @@ -0,0 +1,2532 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: sparkapplications.sparkoperator.k8s.io +spec: + group: sparkoperator.k8s.io + names: + kind: SparkApplication + listKind: SparkApplicationList + plural: sparkapplications + shortNames: + - sparkapp + singular: sparkapplication + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + arguments: + items: + type: string + type: array + batchScheduler: + type: string + batchSchedulerOptions: + properties: + priorityClassName: + type: string + queue: + type: string + type: object + deps: + properties: + downloadTimeout: + format: int32 + minimum: 1 + type: integer + files: + items: + type: string + type: array + filesDownloadDir: + type: string + jars: + items: + type: string + type: array + jarsDownloadDir: + type: string + maxSimultaneousDownloads: + format: int32 + minimum: 1 + type: integer + pyFiles: + items: + type: string + type: array + type: object + driver: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podName: + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + serviceAccount: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + executor: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + coreRequest: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + instances: + format: int32 + minimum: 1 + type: integer + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + failureRetries: + format: int32 + type: integer + hadoopConf: + additionalProperties: + type: string + type: object + hadoopConfigMap: + type: string + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + initContainerImage: + type: string + mainApplicationFile: + type: string + mainClass: + type: string + memoryOverheadFactor: + type: string + mode: + enum: + - cluster + - client + type: string + monitoring: + properties: + exposeDriverMetrics: + type: boolean + exposeExecutorMetrics: + type: boolean + metricsProperties: + type: string + prometheus: + properties: + configFile: + type: string + configuration: + type: string + jmxExporterJar: + type: string + port: + format: int32 + maximum: 49151 + minimum: 1024 + type: integer + required: + - jmxExporterJar + type: object + required: + - exposeDriverMetrics + - exposeExecutorMetrics + type: object + nodeSelector: + additionalProperties: + type: string + type: object + pythonVersion: + enum: + - "2" + - "3" + type: string + restartPolicy: + properties: + onFailureRetries: + format: int32 + minimum: 0 + type: integer + onFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + onSubmissionFailureRetries: + format: int32 + minimum: 0 + type: integer + onSubmissionFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + type: + enum: + - Never + - Always + - OnFailure + type: string + type: object + retryInterval: + format: int64 + type: integer + sparkConf: + additionalProperties: + type: string + type: object + sparkConfigMap: + type: string + sparkVersion: + type: string + timeToLiveSeconds: + format: int64 + type: integer + type: + enum: + - Java + - Python + - Scala + - R + type: string + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - driver + - executor + - mainApplicationFile + - sparkVersion + - type + type: object + required: + - metadata + - spec + type: object + version: v1beta2 + versions: + - name: v1beta2 + served: true + storage: true diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml new file mode 100644 index 0000000000..47bbe36a1d --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml @@ -0,0 +1,42 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + name: spark-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ConfigMap + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: SparkOperator + descriptor: + description: Spark-operator allows users to create and manage the "SparkApplication" + custom resource. + keywords: + - spark + maintainers: + - email: holden@pigscanfly.ca + name: Holden Karau + owners: + - email: holden@pigscanfly.ca + name: Holden Karau + type: spark-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: sppark-operator + app.kubernetes.io/instance: spark-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: sparkoperator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml new file mode 100644 index 0000000000..8f9cf52035 --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorsparkoperator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 + kustomize.component: spark-operator + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "10254" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 + kustomize.component: spark-operator + spec: + containers: + - args: + - -v=2 + - -namespace= + - -ingress-url-format= + - -controller-threads=10 + - -resync-interval=30 + - -logtostderr + - -enable-metrics=true + - -metrics-labels=app_type + - -metrics-port=10254 + - -metrics-endpoint=/metrics + - -metrics-prefix= + image: gcr.io/spark-operator/spark-operator:v1beta2-1.1.0-2.4.5 + imagePullPolicy: IfNotPresent + name: sparkoperator + ports: + - containerPort: 10254 + serviceAccountName: spark-operatoroperator-sa diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml new file mode 100644 index 0000000000..8f7eabad51 --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml @@ -0,0 +1,76 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatoroperator-cr +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - '*' +- apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - create + - get + - delete + - update +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - get + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - update + - delete +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get + - update + - delete +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + - scheduledsparkapplications + - sparkapplications/status + - scheduledsparkapplications/status + verbs: + - '*' diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml new file mode 100644 index 0000000000..7b3d77da27 --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorsparkoperator-crb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: spark-operatoroperator-cr +subjects: +- kind: ServiceAccount + name: spark-operatoroperator-sa + namespace: kubeflow diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml new file mode 100644 index 0000000000..e4a3af18c1 --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorspark-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml new file mode 100644 index 0000000000..ed9bb0d46e --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorspark-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: spark-operatorspark-role +subjects: +- kind: ServiceAccount + name: spark-operatorspark + namespace: kubeflow diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml new file mode 100644 index 0000000000..b089a63b4c --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatoroperator-sa + namespace: kubeflow diff --git a/tests/stacks/azure/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml b/tests/stacks/azure/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml new file mode 100644 index 0000000000..eb83084001 --- /dev/null +++ b/tests/stacks/azure/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorspark + namespace: kubeflow diff --git a/tests/stacks/azure/application/spartakus/kustomize_test.go b/tests/stacks/azure/application/spartakus/kustomize_test.go new file mode 100644 index 0000000000..cbe454a2d4 --- /dev/null +++ b/tests/stacks/azure/application/spartakus/kustomize_test.go @@ -0,0 +1,15 @@ +package spartakus + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/azure/application/spartakus", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/application/spartakus/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml b/tests/stacks/azure/application/spartakus/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml new file mode 100644 index 0000000000..531fe0dac7 --- /dev/null +++ b/tests/stacks/azure/application/spartakus/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml @@ -0,0 +1,37 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + name: spartakus + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: "" + keywords: + - spartakus + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: spartakus + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/instance: spartakus-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: spartakus + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/application/spartakus/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml b/tests/stacks/azure/application/spartakus/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml new file mode 100644 index 0000000000..6a4c558264 --- /dev/null +++ b/tests/stacks/azure/application/spartakus/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus-volunteer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: spartakus-volunteer + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + spec: + containers: + - args: + - volunteer + - --cluster-id=$(USAGE_ID) + - --database=https://stats-collector.kubeflow.org + env: + - name: USAGE_ID + valueFrom: + configMapKeyRef: + key: usageId + name: spartakus-config + image: gcr.io/google_containers/spartakus-amd64:v1.1.0 + name: volunteer + serviceAccountName: spartakus diff --git a/tests/stacks/azure/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml b/tests/stacks/azure/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml new file mode 100644 index 0000000000..f2e0bb974d --- /dev/null +++ b/tests/stacks/azure/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list diff --git a/tests/stacks/azure/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml b/tests/stacks/azure/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml new file mode 100644 index 0000000000..9cad7bb143 --- /dev/null +++ b/tests/stacks/azure/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: spartakus +subjects: +- kind: ServiceAccount + name: spartakus + namespace: kubeflow diff --git a/tests/stacks/azure/application/spartakus/test_data/expected/~g_v1_configmap_spartakus-config.yaml b/tests/stacks/azure/application/spartakus/test_data/expected/~g_v1_configmap_spartakus-config.yaml new file mode 100644 index 0000000000..8572b43906 --- /dev/null +++ b/tests/stacks/azure/application/spartakus/test_data/expected/~g_v1_configmap_spartakus-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + usageId: +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus-config + namespace: kubeflow diff --git a/tests/stacks/azure/application/spartakus/test_data/expected/~g_v1_serviceaccount_spartakus.yaml b/tests/stacks/azure/application/spartakus/test_data/expected/~g_v1_serviceaccount_spartakus.yaml new file mode 100644 index 0000000000..be719e7753 --- /dev/null +++ b/tests/stacks/azure/application/spartakus/test_data/expected/~g_v1_serviceaccount_spartakus.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus + namespace: kubeflow diff --git a/tests/stacks/azure/kustomize_test.go b/tests/stacks/azure/kustomize_test.go new file mode 100644 index 0000000000..1f75e6849c --- /dev/null +++ b/tests/stacks/azure/kustomize_test.go @@ -0,0 +1,15 @@ +package azure + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../stacks/azure", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/metadata/kustomize_test.go b/tests/stacks/azure/metadata/kustomize_test.go new file mode 100644 index 0000000000..8d38b86f84 --- /dev/null +++ b/tests/stacks/azure/metadata/kustomize_test.go @@ -0,0 +1,15 @@ +package metadata + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../stacks/azure/metadata", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/azure/metadata/test_data/expected/default_apps_v1_deployment_deployment.yaml b/tests/stacks/azure/metadata/test_data/expected/default_apps_v1_deployment_deployment.yaml new file mode 100644 index 0000000000..4c32f301e0 --- /dev/null +++ b/tests/stacks/azure/metadata/test_data/expected/default_apps_v1_deployment_deployment.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: server + kustomize.component: metadata + name: deployment +spec: + replicas: 1 + selector: + matchLabels: + component: server + kustomize.component: metadata + template: + metadata: + labels: + component: server + kustomize.component: metadata + spec: + containers: + - command: + - ./server/server + - --http_port=8080 + - --mysql_service_host=$(MYSQL_HOST) + - --mlmd_db_name=$(MYSQL_DATABASE) + - --mysql_service_port=$(MYSQL_PORT) + - --mysql_service_user=$(MYSQL_USERNAME) + - --mysql_service_password=$(MYSQL_PASSWORD) + envFrom: + - configMapRef: + name: metadata-db-parameters-hc59m6d49g + - secretRef: + name: metadata-db-secrets-c9d6622b8k + name: container diff --git a/tests/stacks/azure/metadata/test_data/expected/default_~g_v1_configmap_metadata-db-parameters-hc59m6d49g.yaml b/tests/stacks/azure/metadata/test_data/expected/default_~g_v1_configmap_metadata-db-parameters-hc59m6d49g.yaml new file mode 100644 index 0000000000..7b130a6fea --- /dev/null +++ b/tests/stacks/azure/metadata/test_data/expected/default_~g_v1_configmap_metadata-db-parameters-hc59m6d49g.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ALLOW_EMPTY_PASSWORD: "true" + MYSQL_DATABASE: mlmetadata + MYSQL_HOST: '[db_name].mysql.database.azure.com' + MYSQL_PORT: "3306" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-db-parameters-hc59m6d49g diff --git a/tests/stacks/azure/metadata/test_data/expected/default_~g_v1_secret_metadata-db-secrets-c9d6622b8k.yaml b/tests/stacks/azure/metadata/test_data/expected/default_~g_v1_secret_metadata-db-secrets-c9d6622b8k.yaml new file mode 100644 index 0000000000..4bca41cac0 --- /dev/null +++ b/tests/stacks/azure/metadata/test_data/expected/default_~g_v1_secret_metadata-db-secrets-c9d6622b8k.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + MYSQL_PASSWORD: W2FkbWluX3Bhc3N3b3JkXQ== + MYSQL_USERNAME: W2FkbWluX3VzZXJfbmFtZV1AW2RiX25hbWVd +kind: Secret +metadata: + labels: + kustomize.component: metadata + name: metadata-db-secrets-c9d6622b8k +type: Opaque diff --git a/tests/stacks/azure/metadata/test_data/expected/kubeflow_apps_v1_deployment_metadata-envoy-deployment.yaml b/tests/stacks/azure/metadata/test_data/expected/kubeflow_apps_v1_deployment_metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..66929f9f1d --- /dev/null +++ b/tests/stacks/azure/metadata/test_data/expected/kubeflow_apps_v1_deployment_metadata-envoy-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: envoy + kustomize.component: metadata + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: envoy + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: envoy + kustomize.component: metadata + spec: + containers: + - image: gcr.io/ml-pipeline/envoy:metadata-grpc + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin diff --git a/tests/stacks/azure/metadata/test_data/expected/kubeflow_apps_v1_deployment_metadata-grpc-deployment.yaml b/tests/stacks/azure/metadata/test_data/expected/kubeflow_apps_v1_deployment_metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..9df90ec9c1 --- /dev/null +++ b/tests/stacks/azure/metadata/test_data/expected/kubeflow_apps_v1_deployment_metadata-grpc-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: grpc-server + kustomize.component: metadata + name: metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: grpc-server + kustomize.component: metadata + spec: + containers: + - args: + - --grpc_port=$(METADATA_GRPC_SERVICE_PORT) + - --mysql_config_host=$(MYSQL_HOST) + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(MYSQL_USERNAME) + - --mysql_config_password=$(MYSQL_PASSWORD) + command: + - /bin/metadata_store_server + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 + name: container + ports: + - containerPort: 8080 + name: grpc-backendapi diff --git a/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_configmap_metadata-grpc-configmap.yaml b/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_configmap_metadata-grpc-configmap.yaml new file mode 100644 index 0000000000..b8605cd7b7 --- /dev/null +++ b/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_configmap_metadata-grpc-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-grpc-configmap + namespace: kubeflow diff --git a/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_configmap_metadata-ui-parameters.yaml b/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_configmap_metadata-ui-parameters.yaml new file mode 100644 index 0000000000..d6a0de88e5 --- /dev/null +++ b/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_configmap_metadata-ui-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-ui-parameters + namespace: kubeflow diff --git a/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_service_metadata-envoy-service.yaml b/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_service_metadata-envoy-service.yaml new file mode 100644 index 0000000000..88f6246f90 --- /dev/null +++ b/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_service_metadata-envoy-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + component: envoy + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_service_metadata-grpc-service.yaml b/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_service_metadata-grpc-service.yaml new file mode 100644 index 0000000000..a7f38d715b --- /dev/null +++ b/tests/stacks/azure/metadata/test_data/expected/kubeflow_~g_v1_service_metadata-grpc-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grpc-metadata + kustomize.component: metadata + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-backendapi + port: 8080 + protocol: TCP + selector: + component: grpc-server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml new file mode 100644 index 0000000000..2879750ea8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml @@ -0,0 +1,31 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/admission-webhook-cert + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-mutating-webhook-configuration +webhooks: +- clientConfig: + caBundle: "" + service: + name: admission-webhook-service + namespace: kubeflow + path: /apply-poddefault + name: admission-webhook-deployment.kubeflow.org + namespaceSelector: + matchLabels: + app.kubernetes.io/part-of: kubeflow-profile + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods diff --git a/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_inferenceservice.serving.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_inferenceservice.serving.kubeflow.org.yaml new file mode 100644 index 0000000000..b8ca4aa4c9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_inferenceservice.serving.kubeflow.org.yaml @@ -0,0 +1,57 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + creationTimestamp: null + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: inferenceservice.serving.kubeflow.org +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: kfserving-webhook-server-service + namespace: kubeflow + path: /mutate-inferenceservices + failurePolicy: Fail + name: inferenceservice.kfserving-webhook-server.defaulter + rules: + - apiGroups: + - serving.kubeflow.org + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - inferenceservices +- clientConfig: + caBundle: Cg== + service: + name: kfserving-webhook-server-service + namespace: kubeflow + path: /mutate-pods + failurePolicy: Fail + name: inferenceservice.kfserving-webhook-server.pod-mutator + namespaceSelector: + matchExpressions: + - key: control-plane + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: serving.kubeflow.org/inferenceservice + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods diff --git a/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_webhook.istio.networking.internal.knative.dev.yaml b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_webhook.istio.networking.internal.knative.dev.yaml new file mode 100644 index 0000000000..2079d17e31 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_webhook.istio.networking.internal.knative.dev.yaml @@ -0,0 +1,23 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: webhook.istio.networking.internal.knative.dev +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: istio-webhook + namespace: kubeflow + failurePolicy: Fail + name: webhook.istio.networking.internal.knative.dev + objectSelector: + matchExpressions: + - key: serving.knative.dev/configuration + operator: Exists + sideEffects: None diff --git a/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_webhook.serving.knative.dev.yaml b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_webhook.serving.knative.dev.yaml new file mode 100644 index 0000000000..2c0f6c8e12 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_webhook.serving.knative.dev.yaml @@ -0,0 +1,19 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: webhook.serving.knative.dev +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook + namespace: kubeflow + failurePolicy: Fail + name: webhook.serving.knative.dev + sideEffects: None diff --git a/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_config.webhook.istio.networking.internal.knative.dev.yaml b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_config.webhook.istio.networking.internal.knative.dev.yaml new file mode 100644 index 0000000000..c64e779719 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_config.webhook.istio.networking.internal.knative.dev.yaml @@ -0,0 +1,23 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config.webhook.istio.networking.internal.knative.dev +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: istio-webhook + namespace: kubeflow + failurePolicy: Fail + name: config.webhook.istio.networking.internal.knative.dev + namespaceSelector: + matchExpressions: + - key: serving.knative.dev/release + operator: Exists + sideEffects: None diff --git a/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_config.webhook.serving.knative.dev.yaml b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_config.webhook.serving.knative.dev.yaml new file mode 100644 index 0000000000..12d7c28ff5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_config.webhook.serving.knative.dev.yaml @@ -0,0 +1,23 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config.webhook.serving.knative.dev +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook + namespace: kubeflow + failurePolicy: Fail + name: config.webhook.serving.knative.dev + namespaceSelector: + matchExpressions: + - key: serving.knative.dev/release + operator: Exists + sideEffects: None diff --git a/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_inferenceservice.serving.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_inferenceservice.serving.kubeflow.org.yaml new file mode 100644 index 0000000000..f48d420c35 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_inferenceservice.serving.kubeflow.org.yaml @@ -0,0 +1,31 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + creationTimestamp: null + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: inferenceservice.serving.kubeflow.org +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: kfserving-webhook-server-service + namespace: kubeflow + path: /validate-inferenceservices + failurePolicy: Fail + name: inferenceservice.kfserving-webhook-server.validator + rules: + - apiGroups: + - serving.kubeflow.org + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - inferenceservices diff --git a/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_validation.webhook.serving.knative.dev.yaml b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_validation.webhook.serving.knative.dev.yaml new file mode 100644 index 0000000000..81d728e7f2 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_validation.webhook.serving.knative.dev.yaml @@ -0,0 +1,19 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: validation.webhook.serving.knative.dev +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook + namespace: kubeflow + failurePolicy: Fail + name: validation.webhook.serving.knative.dev + sideEffects: None diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.networking.internal.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.networking.internal.knative.dev.yaml new file mode 100644 index 0000000000..f0661a3919 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.networking.internal.knative.dev.yaml @@ -0,0 +1,32 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + knative.dev/crd-install: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: certificates.networking.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + group: networking.internal.knative.dev + names: + categories: + - knative-internal + - networking + kind: Certificate + plural: certificates + shortNames: + - kcert + singular: certificate + scope: Namespaced + subresources: + status: {} + version: v1alpha1 diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_configurations.serving.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_configurations.serving.knative.dev.yaml new file mode 100644 index 0000000000..0687243b57 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_configurations.serving.knative.dev.yaml @@ -0,0 +1,61 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + duck.knative.dev/podspecable: "true" + knative.dev/crd-install: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: configurations.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.latestCreatedRevisionName + name: LatestCreated + type: string + - JSONPath: .status.latestReadyRevisionName + name: LatestReady + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: webhook + namespace: knative-serving + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Configuration + plural: configurations + shortNames: + - config + - cfg + singular: configuration + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: false + - name: v1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml new file mode 100644 index 0000000000..d5c52ecf04 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: experiments.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Experiment + plural: experiments + singular: experiment + scope: Namespaced + subresources: + status: {} + version: v1beta1 diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_images.caching.internal.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_images.caching.internal.knative.dev.yaml new file mode 100644 index 0000000000..54e2a31781 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_images.caching.internal.knative.dev.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + knative.dev/crd-install: "true" + kustomize.component: knative + name: images.caching.internal.knative.dev +spec: + group: caching.internal.knative.dev + names: + categories: + - knative-internal + - caching + kind: Image + plural: images + shortNames: + - img + singular: image + scope: Namespaced + subresources: + status: {} + version: v1alpha1 diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_inferenceservices.serving.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_inferenceservices.serving.kubeflow.org.yaml new file mode 100644 index 0000000000..92abef117b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_inferenceservices.serving.kubeflow.org.yaml @@ -0,0 +1,3941 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.1-0.20200528125929-5c0c6ae3b64b + creationTimestamp: null + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: inferenceservices.serving.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.url + name: URL + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.traffic + name: Default Traffic + type: integer + - JSONPath: .status.canaryTraffic + name: Canary Traffic + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: serving.kubeflow.org + names: + kind: InferenceService + listKind: InferenceServiceList + plural: inferenceservices + shortNames: + - inferenceservice + singular: inferenceservice + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + canary: + properties: + explainer: + properties: + alibi: + properties: + config: + additionalProperties: + type: string + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + type: + type: string + required: + - type + type: object + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + custom: + properties: + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + required: + - container + type: object + logger: + properties: + mode: + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + parallelism: + type: integer + serviceAccountName: + type: string + type: object + predictor: + properties: + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + custom: + properties: + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + required: + - container + type: object + logger: + properties: + mode: + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + onnx: + properties: + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + parallelism: + type: integer + pytorch: + properties: + modelClassName: + type: string + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + serviceAccountName: + type: string + sklearn: + properties: + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + tensorflow: + properties: + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + triton: + properties: + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + xgboost: + properties: + nthread: + type: integer + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + type: object + transformer: + properties: + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + custom: + properties: + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + required: + - container + type: object + logger: + properties: + mode: + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + parallelism: + type: integer + serviceAccountName: + type: string + type: object + required: + - predictor + type: object + canaryTrafficPercent: + type: integer + default: + properties: + explainer: + properties: + alibi: + properties: + config: + additionalProperties: + type: string + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + type: + type: string + required: + - type + type: object + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + custom: + properties: + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + required: + - container + type: object + logger: + properties: + mode: + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + parallelism: + type: integer + serviceAccountName: + type: string + type: object + predictor: + properties: + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + custom: + properties: + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + required: + - container + type: object + logger: + properties: + mode: + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + onnx: + properties: + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + parallelism: + type: integer + pytorch: + properties: + modelClassName: + type: string + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + serviceAccountName: + type: string + sklearn: + properties: + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + tensorflow: + properties: + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + triton: + properties: + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + xgboost: + properties: + nthread: + type: integer + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + storageUri: + type: string + required: + - storageUri + type: object + type: object + transformer: + properties: + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + custom: + properties: + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + required: + - container + type: object + logger: + properties: + mode: + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + parallelism: + type: integer + serviceAccountName: + type: string + type: object + required: + - predictor + type: object + required: + - default + type: object + status: + properties: + address: + properties: + url: + type: string + type: object + canary: + additionalProperties: + properties: + host: + type: string + name: + type: string + type: object + type: object + canaryTraffic: + type: integer + conditions: + items: + properties: + lastTransitionTime: + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + default: + additionalProperties: + properties: + host: + type: string + name: + type: string + type: object + type: object + observedGeneration: + format: int64 + type: integer + traffic: + type: integer + url: + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_ingresses.networking.internal.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_ingresses.networking.internal.knative.dev.yaml new file mode 100644 index 0000000000..aac61a6241 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_ingresses.networking.internal.knative.dev.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + knative.dev/crd-install: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: ingresses.networking.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: networking.internal.knative.dev + names: + categories: + - knative-internal + - networking + kind: Ingress + plural: ingresses + shortNames: + - kingress + - king + singular: ingress + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.autoscaling.internal.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.autoscaling.internal.knative.dev.yaml new file mode 100644 index 0000000000..2e71fdbfcd --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.autoscaling.internal.knative.dev.yaml @@ -0,0 +1,30 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + knative.dev/crd-install: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: metrics.autoscaling.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: autoscaling.internal.knative.dev + names: + categories: + - knative-internal + - autoscaling + kind: Metric + plural: metrics + singular: metric + scope: Namespaced + subresources: + status: {} + version: v1alpha1 diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_mpijobs.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_mpijobs.kubeflow.org.yaml new file mode 100644 index 0000000000..f59db66ec0 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_mpijobs.kubeflow.org.yaml @@ -0,0 +1,156 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + name: mpijobs.kubeflow.org +spec: + group: kubeflow.org + names: + kind: MPIJob + plural: mpijobs + shortNames: + - mj + - mpij + singular: mpijob + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + description: Only one of gpus, processingUnits, or replicas should be + specified + oneOf: + - properties: + gpus: + description: Valid values are 1, 2, 4, or any multiple of 8 + oneOf: + - enum: + - 1 + - 2 + - 4 + type: integer + - minimum: 8 + multipleOf: 8 + type: integer + title: Total number of GPUs + gpusPerNode: + description: Defaults to the number of GPUs per worker + minimum: 1 + title: The maximum number of GPUs available per node + type: integer + slotsPerWorker: + description: Defaults to the number of processing units per worker + minimum: 1 + title: The number of slots per worker used in hostfile + type: integer + required: + - gpus + - properties: + processingResourceType: + description: Defaults to 'nvidia.com/gpu' + enum: + - nvidia.com/gpu + - cpu + title: The processing resource type, e.g. 'nvidia.com/gpu' or 'cpu' + type: string + processingUnits: + description: Valid values are 1, 2, 4, or any multiple of 8 + oneOf: + - enum: + - 1 + - 2 + - 4 + type: integer + - minimum: 8 + multipleOf: 8 + type: integer + title: Total number of processing units + processingUnitsPerNode: + description: Defaults to the number of processing units per worker + minimum: 1 + title: The maximum number of processing units available per node + type: integer + slotsPerWorker: + description: Defaults to the number of processing units per worker + minimum: 1 + title: The number of slots per worker used in hostfile + type: integer + required: + - processingUnits + - properties: + processingResourceType: + description: Defaults to 'nvidia.com/gpu' + enum: + - nvidia.com/gpu + - cpu + title: The processing resource type, e.g. 'nvidia.com/gpu' or 'cpu' + type: string + replicas: + description: The processing resource limit should be specified for + each replica + minimum: 1 + title: Total number of replicas + type: integer + slotsPerWorker: + description: Defaults to the number of processing units per worker + minimum: 1 + title: The number of slots per worker used in hostfile + type: integer + required: + - replicas + title: The MPIJob spec + served: false + storage: false + - name: v1alpha2 + schema: + openAPIV3Schema: + properties: + spec: + properties: + mpiReplicaSpecs: + properties: + Launcher: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + slotsPerWorker: + minimum: 1 + type: integer + served: true + storage: false + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + mpiReplicaSpecs: + properties: + Launcher: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + slotsPerWorker: + minimum: 1 + type: integer + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_mxjobs.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_mxjobs.kubeflow.org.yaml new file mode 100644 index 0000000000..cdb2b4d628 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_mxjobs.kubeflow.org.yaml @@ -0,0 +1,58 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + name: mxjobs.kubeflow.org +spec: + group: kubeflow.org + names: + kind: MXJob + plural: mxjobs + singular: mxjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + mxReplicaSpecs: + properties: + Scheduler: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Server: + properties: + replicas: + minimum: 1 + type: integer + Tuner: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + TunerServer: + properties: + replicas: + minimum: 1 + type: integer + TunerTracker: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + version: v1 diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml new file mode 100644 index 0000000000..2009ccb90f --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml @@ -0,0 +1,96 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebooks.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Notebook + plural: notebooks + singular: notebook + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + template: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + properties: + spec: + properties: + containers: + items: + properties: + resources: + properties: + limits: + properties: + cpu: + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + type: string + memory: + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + type: string + type: object + requests: + properties: + cpu: + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + type: string + memory: + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + type: string + type: object + type: object + type: object + type: array + type: object + type: object + type: object + status: + properties: + conditions: + description: Conditions is an array of current conditions + items: + properties: + type: + description: Type of the confition/ + type: string + required: + - type + type: object + type: array + required: + - conditions + type: object + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_podautoscalers.autoscaling.internal.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_podautoscalers.autoscaling.internal.knative.dev.yaml new file mode 100644 index 0000000000..0c81858ede --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_podautoscalers.autoscaling.internal.knative.dev.yaml @@ -0,0 +1,42 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + knative.dev/crd-install: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: podautoscalers.autoscaling.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.desiredScale + name: DesiredScale + type: integer + - JSONPath: .status.actualScale + name: ActualScale + type: integer + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: autoscaling.internal.knative.dev + names: + categories: + - knative-internal + - autoscaling + kind: PodAutoscaler + plural: podautoscalers + shortNames: + - kpa + - pa + singular: podautoscaler + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml new file mode 100644 index 0000000000..808eb4db0c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: poddefaults.kubeflow.org +spec: + group: kubeflow.org + names: + kind: PodDefault + plural: poddefaults + singular: poddefault + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + desc: + type: string + env: + items: + type: object + type: array + envFrom: + items: + type: object + type: array + selector: + type: object + serviceAccountName: + type: string + volumeMounts: + items: + type: object + type: array + volumes: + items: + type: object + type: array + required: + - selector + type: object + status: + type: object + type: object + version: v1alpha1 diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml new file mode 100644 index 0000000000..c299e91151 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml @@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + kustomize.component: profiles + name: profiles.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: Profile + plural: profiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If the + Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + type: object + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + type: string + description: 'hard is the set of desired hard limits for each named + resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a selector + that contains values, a scope name, and an operator that + relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a set + of values. Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies + to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all objects. + items: + description: A ResourceQuotaScope defines a filter that must match + each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 + served: true + storage: false diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml new file mode 100644 index 0000000000..2dc516cbcc --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml @@ -0,0 +1,45 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorchjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: PyTorchJob + plural: pytorchjobs + singular: pytorchjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + pytorchReplicaSpecs: + properties: + Master: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_revisions.serving.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_revisions.serving.knative.dev.yaml new file mode 100644 index 0000000000..232e16809a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_revisions.serving.knative.dev.yaml @@ -0,0 +1,62 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + knative.dev/crd-install: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: revisions.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .metadata.labels['serving\.knative\.dev/configuration'] + name: Config Name + type: string + - JSONPath: .status.serviceName + name: K8s Service Name + type: string + - JSONPath: .metadata.labels['serving\.knative\.dev/configurationGeneration'] + name: Generation + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: webhook + namespace: knative-serving + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Revision + plural: revisions + shortNames: + - rev + singular: revision + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: false + - name: v1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_routes.serving.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_routes.serving.knative.dev.yaml new file mode 100644 index 0000000000..4d5e1ac389 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_routes.serving.knative.dev.yaml @@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + duck.knative.dev/addressable: "true" + knative.dev/crd-install: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: routes.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.url + name: URL + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: webhook + namespace: knative-serving + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Route + plural: routes + shortNames: + - rt + singular: route + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: false + - name: v1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml new file mode 100644 index 0000000000..ddd151fa47 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml @@ -0,0 +1,2550 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: scheduledsparkapplications.sparkoperator.k8s.io +spec: + group: sparkoperator.k8s.io + names: + kind: ScheduledSparkApplication + listKind: ScheduledSparkApplicationList + plural: scheduledsparkapplications + shortNames: + - scheduledsparkapp + singular: scheduledsparkapplication + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + concurrencyPolicy: + type: string + failedRunHistoryLimit: + format: int32 + type: integer + schedule: + type: string + successfulRunHistoryLimit: + format: int32 + type: integer + suspend: + type: boolean + template: + properties: + arguments: + items: + type: string + type: array + batchScheduler: + type: string + batchSchedulerOptions: + properties: + priorityClassName: + type: string + queue: + type: string + type: object + deps: + properties: + downloadTimeout: + format: int32 + minimum: 1 + type: integer + files: + items: + type: string + type: array + filesDownloadDir: + type: string + jars: + items: + type: string + type: array + jarsDownloadDir: + type: string + maxSimultaneousDownloads: + format: int32 + minimum: 1 + type: integer + pyFiles: + items: + type: string + type: array + type: object + driver: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podName: + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + serviceAccount: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + executor: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + coreRequest: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + instances: + format: int32 + minimum: 1 + type: integer + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + failureRetries: + format: int32 + type: integer + hadoopConf: + additionalProperties: + type: string + type: object + hadoopConfigMap: + type: string + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + initContainerImage: + type: string + mainApplicationFile: + type: string + mainClass: + type: string + memoryOverheadFactor: + type: string + mode: + enum: + - cluster + - client + type: string + monitoring: + properties: + exposeDriverMetrics: + type: boolean + exposeExecutorMetrics: + type: boolean + metricsProperties: + type: string + prometheus: + properties: + configFile: + type: string + configuration: + type: string + jmxExporterJar: + type: string + port: + format: int32 + maximum: 49151 + minimum: 1024 + type: integer + required: + - jmxExporterJar + type: object + required: + - exposeDriverMetrics + - exposeExecutorMetrics + type: object + nodeSelector: + additionalProperties: + type: string + type: object + pythonVersion: + enum: + - "2" + - "3" + type: string + restartPolicy: + properties: + onFailureRetries: + format: int32 + minimum: 0 + type: integer + onFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + onSubmissionFailureRetries: + format: int32 + minimum: 0 + type: integer + onSubmissionFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + type: + enum: + - Never + - Always + - OnFailure + type: string + type: object + retryInterval: + format: int64 + type: integer + sparkConf: + additionalProperties: + type: string + type: object + sparkConfigMap: + type: string + sparkVersion: + type: string + timeToLiveSeconds: + format: int64 + type: integer + type: + enum: + - Java + - Python + - Scala + - R + type: string + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - driver + - executor + - mainApplicationFile + - sparkVersion + - type + type: object + required: + - schedule + - template + type: object + required: + - metadata + - spec + type: object + version: v1beta2 + versions: + - name: v1beta2 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml new file mode 100644 index 0000000000..39c462bb2e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serverlessservices.networking.internal.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serverlessservices.networking.internal.knative.dev.yaml new file mode 100644 index 0000000000..b86858ef53 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serverlessservices.networking.internal.knative.dev.yaml @@ -0,0 +1,47 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + knative.dev/crd-install: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: serverlessservices.networking.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .spec.mode + name: Mode + type: string + - JSONPath: .spec.numActivators + name: Activators + type: integer + - JSONPath: .status.serviceName + name: ServiceName + type: string + - JSONPath: .status.privateServiceName + name: PrivateServiceName + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: networking.internal.knative.dev + names: + categories: + - knative-internal + - networking + kind: ServerlessService + plural: serverlessservices + shortNames: + - sks + singular: serverlessservice + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_services.serving.knative.dev.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_services.serving.knative.dev.yaml new file mode 100644 index 0000000000..c9b0403ad2 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_services.serving.knative.dev.yaml @@ -0,0 +1,65 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + duck.knative.dev/addressable: "true" + duck.knative.dev/podspecable: "true" + knative.dev/crd-install: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: services.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.url + name: URL + type: string + - JSONPath: .status.latestCreatedRevisionName + name: LatestCreated + type: string + - JSONPath: .status.latestReadyRevisionName + name: LatestReady + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: webhook + namespace: knative-serving + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Service + plural: services + shortNames: + - kservice + - ksvc + singular: service + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: false + - name: v1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml new file mode 100644 index 0000000000..bf9aacd2ff --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml @@ -0,0 +1,2532 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: sparkapplications.sparkoperator.k8s.io +spec: + group: sparkoperator.k8s.io + names: + kind: SparkApplication + listKind: SparkApplicationList + plural: sparkapplications + shortNames: + - sparkapp + singular: sparkapplication + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + arguments: + items: + type: string + type: array + batchScheduler: + type: string + batchSchedulerOptions: + properties: + priorityClassName: + type: string + queue: + type: string + type: object + deps: + properties: + downloadTimeout: + format: int32 + minimum: 1 + type: integer + files: + items: + type: string + type: array + filesDownloadDir: + type: string + jars: + items: + type: string + type: array + jarsDownloadDir: + type: string + maxSimultaneousDownloads: + format: int32 + minimum: 1 + type: integer + pyFiles: + items: + type: string + type: array + type: object + driver: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podName: + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + serviceAccount: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + executor: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + coreRequest: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + instances: + format: int32 + minimum: 1 + type: integer + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + failureRetries: + format: int32 + type: integer + hadoopConf: + additionalProperties: + type: string + type: object + hadoopConfigMap: + type: string + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + initContainerImage: + type: string + mainApplicationFile: + type: string + mainClass: + type: string + memoryOverheadFactor: + type: string + mode: + enum: + - cluster + - client + type: string + monitoring: + properties: + exposeDriverMetrics: + type: boolean + exposeExecutorMetrics: + type: boolean + metricsProperties: + type: string + prometheus: + properties: + configFile: + type: string + configuration: + type: string + jmxExporterJar: + type: string + port: + format: int32 + maximum: 49151 + minimum: 1024 + type: integer + required: + - jmxExporterJar + type: object + required: + - exposeDriverMetrics + - exposeExecutorMetrics + type: object + nodeSelector: + additionalProperties: + type: string + type: object + pythonVersion: + enum: + - "2" + - "3" + type: string + restartPolicy: + properties: + onFailureRetries: + format: int32 + minimum: 0 + type: integer + onFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + onSubmissionFailureRetries: + format: int32 + minimum: 0 + type: integer + onSubmissionFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + type: + enum: + - Never + - Always + - OnFailure + type: string + type: object + retryInterval: + format: int64 + type: integer + sparkConf: + additionalProperties: + type: string + type: object + sparkConfigMap: + type: string + sparkVersion: + type: string + timeToLiveSeconds: + format: int64 + type: integer + type: + enum: + - Java + - Python + - Scala + - R + type: string + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - driver + - executor + - mainApplicationFile + - sparkVersion + - type + type: object + required: + - metadata + - spec + type: object + version: v1beta2 + versions: + - name: v1beta2 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml new file mode 100644 index 0000000000..22efe19141 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: suggestions.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .spec.requests + name: Requested + type: string + - JSONPath: .status.suggestionCount + name: Assigned + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Suggestion + plural: suggestions + singular: suggestion + scope: Namespaced + subresources: + status: {} + version: v1beta1 diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml new file mode 100644 index 0000000000..ebfcefbc9b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tfjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: TFJob + plural: tfjobs + singular: tfjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + tfReplicaSpecs: + properties: + Chief: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + PS: + properties: + replicas: + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml new file mode 100644 index 0000000000..4ab50ef082 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: trials.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Trial + plural: trials + singular: trial + scope: Namespaced + subresources: + status: {} + version: v1beta1 diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml new file mode 100644 index 0000000000..711e1a0029 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml new file mode 100644 index 0000000000..08f6d1185c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml new file mode 100644 index 0000000000..4c20d279dd --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Argo Workflows is an open source container-native workflow engine + for orchestrating parallel jobs on Kubernetes + keywords: + - argo + - kubeflow + links: + - description: About + url: https://github.com/argoproj/argo + maintainers: [] + owners: [] + type: argo + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml new file mode 100644 index 0000000000..a77aa95832 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml @@ -0,0 +1,57 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a Dashboard UI for kubeflow + keywords: + - centraldashboard + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/centraldashboard + maintainers: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + owners: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + type: centraldashboard + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/instance: centraldashboard-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: centraldashboard + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml new file mode 100644 index 0000000000..cef234ad80 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml @@ -0,0 +1,53 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + name: jupyter-web-app + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a UI which allows the user to create/conect/delete jupyter + notebooks. + keywords: + - jupyterhub + - jupyter ui + - notebooks + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/jupyter-web-app + - description: Docs + url: https://www.kubeflow.org/docs/notebooks + maintainers: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + owners: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + type: jupyter-web-app + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/instance: jupyter-web-app-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: jupyter-web-app + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml new file mode 100644 index 0000000000..173425f3a9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml @@ -0,0 +1,70 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: Secret + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-controller + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-controller + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml new file mode 100644 index 0000000000..ff75fa592b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml @@ -0,0 +1,68 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: katib-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-crds + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-crds + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_kfserving.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_kfserving.yaml new file mode 100644 index 0000000000..ede8bec645 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_kfserving.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: kfserving + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: StatefulSet + - group: core + kind: Service + - group: core + kind: Secret + - group: core + kind: ConfigMap + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + descriptor: + description: KFServing provides a Kubernetes Custom Resource Definition for serving + ML Models on arbitrary frameworks + keywords: + - kfserving + - inference + links: + - description: About + url: https://github.com/kubeflow/kfserving + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: kfserving + version: v0.4.1 + selector: + matchLabels: + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_knative-serving-crds.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_knative-serving-crds.yaml new file mode 100644 index 0000000000..aae5ccc8d6 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_knative-serving-crds.yaml @@ -0,0 +1,32 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + name: knative-serving-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - knative-serving-crds + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: knative-serving-crds + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: knative-serving-crds + app.kubernetes.io/name: knative-serving-crds diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_knative-serving-install.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_knative-serving-install.yaml new file mode 100644 index 0000000000..2a834ceed9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_knative-serving-install.yaml @@ -0,0 +1,32 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + name: knative-serving-install + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - knative-serving-install + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: knative-serving-install + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml new file mode 100644 index 0000000000..1528604b3a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml @@ -0,0 +1,44 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + annotations: + kubernetes-engine.cloud.google.com/icon: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: v1 + kind: ServiceAccount + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + - group: v1 + kind: Service + - group: v1 + kind: PersistentVolumeClaim + - group: v1 + kind: ConfigMap + - group: v1 + kind: Secret + - group: apps/v1 + kind: Deployment + - group: networking.istio.io/v1alpha3 + kind: VirtualService + descriptor: + description: Reusable end-to-end ML workflow + links: + - description: Kubeflow Pipelines Documentation + url: https://www.kubeflow.org/docs/pipelines/ + maintainers: + - name: Kubeflow Pipelines + url: https://github.com/kubeflow/pipelines + type: Kubeflow Pipelines + version: 1.0.4 + selector: + matchLabels: + app.kubernetes.io/application: kubeflow-pipelines diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml new file mode 100644 index 0000000000..e1b386dfb9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml @@ -0,0 +1,31 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - minio + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: minio + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mpi-operator.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mpi-operator.yaml new file mode 100644 index 0000000000..1ccc57b61d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mpi-operator.yaml @@ -0,0 +1,48 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + name: mpi-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: MPIJob + descriptor: + description: Mpi-operator allows users to create and manage the "MPIJob" custom + resource. + keywords: + - mpijob + - mpi-operator + links: + - description: About + url: https://github.com/kubeflow/mpi-operator + maintainers: + - email: rong.ou@gmail.com + name: Rong Ou + - email: terrytangyuan@gmail.com + name: Yuan Tang + - email: stp.abhi@gmail.com + name: Abhilash Pallerlamudi + owners: + - email: rong.ou@gmail.com + name: Rong Ou + - email: terrytangyuan@gmail.com + name: Yuan Tang + type: mpi-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: mpijob + app.kubernetes.io/instance: mpi-operator + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: mpi-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mxnet-operator.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mxnet-operator.yaml new file mode 100644 index 0000000000..328aafbc81 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mxnet-operator.yaml @@ -0,0 +1,51 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + name: mxnet-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: MXJob + descriptor: + description: mxnet-operator allows users to create and manage the "MXJob" custom + resource. + keywords: + - MXjob + - mxnet-operator + - mxnet-training + links: + - description: About + url: https://github.com/kubeflow/mxnet-operator + maintainers: + - email: suleisl2000@hotmail.com + name: Lei Su + - email: terrytangyuan@gmail.com + name: Yuan Tang + - email: seedjeffwan@gmail.com + name: Jiaxin Shan + owners: + - email: suleisl2000@hotmail.com + name: Lei Su + - email: terrytangyuan@gmail.com + name: Yuan Tang + - email: seedjeffwan@gmail.com + name: Jiaxin Shan + type: mxnet-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: mxnet + app.kubernetes.io/instance: mxnet-operator-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: mxnet-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml new file mode 100644 index 0000000000..d4db458295 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml @@ -0,0 +1,32 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - mysql + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: mysql + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml new file mode 100644 index 0000000000..f462651b3b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-notebook-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: Notebooks controller allows users to create a custom resource \"Notebook\" + (jupyter notebook). + keywords: + - jupyter + - notebook + - notebook-controller + - jupyterhub + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/notebook-controller + maintainers: + - email: lunkai@google.com + name: Lun-kai Hsu + owners: + - email: lunkai@gogle.com + name: Lun-kai Hsu + type: notebook-controller + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/instance: notebook-controller-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: notebook-controller + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml new file mode 100644 index 0000000000..fc90772a0b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml @@ -0,0 +1,44 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: kubeflow.org + kind: Profile + descriptor: + description: "" + keywords: + - profiles + - kubeflow + links: + - description: profiles + url: https://github.com/kubeflow/kubeflow/tree/master/components/profile-controller + - description: kfam + url: https://github.com/kubeflow/kubeflow/tree/master/components/access-management + maintainers: + - email: kunming@google.com + name: Kunming Qu + owners: + - email: kunming@google.com + name: Kunming Qu + type: profiles + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/instance: profiles-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: profiles + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml new file mode 100644 index 0000000000..56a1457579 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorch-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-job-crds contains the "PyTorchJob" custom resource definition. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml new file mode 100644 index 0000000000..44ea79a4b8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml @@ -0,0 +1,49 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ConfigMap + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-operator allows users to create and manage the "PyTorchJob" + custom resource. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml new file mode 100644 index 0000000000..47bbe36a1d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml @@ -0,0 +1,42 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + name: spark-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ConfigMap + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: SparkOperator + descriptor: + description: Spark-operator allows users to create and manage the "SparkApplication" + custom resource. + keywords: + - spark + maintainers: + - email: holden@pigscanfly.ca + name: Holden Karau + owners: + - email: holden@pigscanfly.ca + name: Holden Karau + type: spark-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: sppark-operator + app.kubernetes.io/instance: spark-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: sparkoperator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml new file mode 100644 index 0000000000..531fe0dac7 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml @@ -0,0 +1,37 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + name: spartakus + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: "" + keywords: + - spartakus + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: spartakus + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/instance: spartakus-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: spartakus + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml new file mode 100644 index 0000000000..fc9715bb53 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tf-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-job-crds contains the "TFJob" custom resource definition. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml new file mode 100644 index 0000000000..6e38dd861e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml @@ -0,0 +1,47 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-operator allows users to create and manage the "TFJob" custom + resource. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml new file mode 100644 index 0000000000..fcf807af27 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + name: webhook + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: StatefulSet + - group: core + kind: Service + - group: core + kind: ServiceAccount + descriptor: + description: injects volume, volume mounts, env vars into PodDefault + keywords: + - admission-webhook + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/admission-webhook + maintainers: [] + owners: [] + type: bootstrap + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/instance: webhook-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: webhook + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_activator.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_activator.yaml new file mode 100644 index 0000000000..6fe7c865f1 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_activator.yaml @@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: activator + namespace: kubeflow +spec: + selector: + matchLabels: + app: activator + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + role: activator + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: activator + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + role: activator + serving.knative.dev/release: v0.14.3 + spec: + containers: + - env: + - name: GOGC + value: "500" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/internal/serving + image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:ffa3d72ee6c2eeb2357999248191a643405288061b7080381f22875cb703e929 + livenessProbe: + httpGet: + httpHeaders: + - name: k-kubelet-probe + value: activator + port: 8012 + name: activator + ports: + - containerPort: 8012 + name: http1 + - containerPort: 8013 + name: h2c + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + readinessProbe: + httpGet: + httpHeaders: + - name: k-kubelet-probe + value: activator + port: 8012 + resources: + limits: + cpu: 1000m + memory: 600Mi + requests: + cpu: 300m + memory: 60Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller + terminationGracePeriodSeconds: 300 diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml new file mode 100644 index 0000000000..8b8111f51b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + spec: + containers: + - args: + - --tlsCertFile=/etc/webhook/certs/tls.crt + - --tlsKeyFile=/etc/webhook/certs/tls.key + image: gcr.io/kubeflow-images-public/admission-webhook:vmaster-gaf96e4e3 + name: admission-webhook + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-cert + readOnly: true + serviceAccountName: admission-webhook-service-account + volumes: + - name: webhook-cert + secret: + secretName: webhook-certs diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_argo-ui.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_argo-ui.yaml new file mode 100644 index 0000000000..94c841f165 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_argo-ui.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: IN_CLUSTER + value: "true" + - name: ENABLE_WEB_CONSOLE + value: "false" + - name: BASE_HREF + value: /argo/ + image: argoproj/argoui:v2.3.0 + imagePullPolicy: IfNotPresent + name: argo-ui + readinessProbe: + httpGet: + path: / + port: 8001 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo-ui + serviceAccountName: argo-ui + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_autoscaler.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_autoscaler.yaml new file mode 100644 index 0000000000..82d4fbfa51 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_autoscaler.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: autoscaler + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: autoscaler + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: autoscaler + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + spec: + containers: + - args: + - --secure-port=8443 + - --cert-dir=/tmp + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/serving + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:f89fd23889c3e0ca3d8e42c9b189dc2f93aa5b3a91c64e8aab75e952a210eeb3 + livenessProbe: + httpGet: + httpHeaders: + - name: k-kubelet-probe + value: autoscaler + port: 8080 + name: autoscaler + ports: + - containerPort: 8080 + name: websocket + - containerPort: 9090 + name: metrics + - containerPort: 8443 + name: custom-metrics + - containerPort: 8008 + name: profiling + readinessProbe: + httpGet: + httpHeaders: + - name: k-kubelet-probe + value: autoscaler + port: 8080 + resources: + limits: + cpu: 300m + memory: 400Mi + requests: + cpu: 30m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml new file mode 100644 index 0000000000..e8a95f1f1a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -0,0 +1,36 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-deployer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: cache-deployer-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-deployer:1.0.4 + imagePullPolicy: Always + name: main + restartPolicy: Always + serviceAccountName: kubeflow-pipelines-cache-deployer-sa diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_cache-server.yaml new file mode 100644 index 0000000000..a5373e3d14 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -0,0 +1,79 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-server + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: cache-server + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: cache-server + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - args: + - --db_driver=$(DBCONFIG_DRIVER) + - --db_host=$(DBCONFIG_HOST_NAME) + - --db_port=$(DBCONFIG_PORT) + - --db_name=$(DBCONFIG_DB_NAME) + - --db_user=$(DBCONFIG_USER) + - --db_password=$(DBCONFIG_PASSWORD) + - --namespace_to_watch=$(NAMESPACE_TO_WATCH) + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + key: cacheDb + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-server:1.0.4 + imagePullPolicy: Always + name: server + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-tls-certs + readOnly: true + serviceAccountName: kubeflow-pipelines-cache + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_centraldashboard.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_centraldashboard.yaml new file mode 100644 index 0000000000..254855baed --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_centraldashboard.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + spec: + containers: + - env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-bk4bc7m928 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-bk4bc7m928 + image: gcr.io/kubeflow-images-public/centraldashboard:vmaster-gd601b2d0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 30 + periodSeconds: 30 + name: centraldashboard + ports: + - containerPort: 8082 + protocol: TCP + serviceAccountName: centraldashboard diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_controller.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_controller.yaml new file mode 100644 index 0000000000..e66bb4dc38 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_controller.yaml @@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: controller + namespace: kubeflow +spec: + selector: + matchLabels: + app: controller + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: controller + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/internal/serving + image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:b86ac8ecc6b2688a0e0b9cb68298220a752125d0a048b8edf2cf42403224393c + name: controller + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + resources: + limits: + cpu: 1000m + memory: 1000Mi + requests: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_istio-webhook.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_istio-webhook.yaml new file mode 100644 index 0000000000..cd480284f7 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_istio-webhook.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: istio-webhook + namespace: kubeflow +spec: + selector: + matchLabels: + app: istio-webhook + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + role: istio-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: istio-webhook + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + role: istio-webhook + serving.knative.dev/release: v0.14.3 + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/net-istio + - name: WEBHOOK_NAME + value: istio-webhook + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:e6b142c0f82e0e0b8cb670c11eb4eef6ded827f98761bbf4bea7bdb777b80092 + name: webhook + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + - containerPort: 8443 + name: https-webhook + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 20m + memory: 20Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml new file mode 100644 index 0000000000..591a96acbb --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + spec: + containers: + - env: + - name: ROK_SECRET_NAME + valueFrom: + configMapKeyRef: + key: ROK_SECRET_NAME + name: jupyter-web-app-parameters + - name: UI + valueFrom: + configMapKeyRef: + key: UI + name: jupyter-web-app-parameters + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-bk4bc7m928 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-bk4bc7m928 + image: gcr.io/kubeflow-images-public/jupyter-web-app:vmaster-gd9be4b9e + imagePullPolicy: Always + name: jupyter-web-app + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /etc/config + name: config-volume + serviceAccountName: jupyter-web-app-service-account + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config + name: config-volume diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-controller.yaml new file mode 100644 index 0000000000..4bbc9d3fbf --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + template: + metadata: + annotations: + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + spec: + containers: + - args: + - --webhook-port=8443 + - --trial-resources=Job.v1.batch + - --trial-resources=TFJob.v1.kubeflow.org + - --trial-resources=PyTorchJob.v1.kubeflow.org + - --trial-resources=MPIJob.v1.kubeflow.org + - --trial-resources=PipelineRun.v1beta1.tekton.dev + command: + - ./katib-controller + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: docker.io/kubeflowkatib/katib-controller:v1beta1-a96ff59 + imagePullPolicy: IfNotPresent + name: katib-controller + ports: + - containerPort: 8443 + name: webhook + protocol: TCP + - containerPort: 8080 + name: metrics + protocol: TCP + volumeMounts: + - mountPath: /tmp/cert + name: cert + readOnly: true + serviceAccountName: katib-controller + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: katib-controller diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-db-manager.yaml new file mode 100644 index 0000000000..16949634b7 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + spec: + containers: + - command: + - ./katib-db-manager + env: + - name: DB_NAME + value: mysql + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + image: docker.io/kubeflowkatib/katib-db-manager:v1beta1-a96ff59 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 60 + name: katib-db-manager + ports: + - containerPort: 6789 + name: api + readinessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + initialDelaySeconds: 5 diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-mysql.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-mysql.yaml new file mode 100644 index 0000000000..e92ff7c8c4 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-mysql.yaml @@ -0,0 +1,76 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + strategy: + type: Recreate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + - name: MYSQL_DATABASE + value: katib + image: mysql:8 + livenessProbe: + exec: + command: + - /bin/bash + - -c + - mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD} + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + name: katib-mysql + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D ${MYSQL_DATABASE} -u root -p${MYSQL_ROOT_PASSWORD} -e 'SELECT + 1' + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: katib-mysql + volumes: + - name: katib-mysql + persistentVolumeClaim: + claimName: katib-mysql diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-ui.yaml new file mode 100644 index 0000000000..4b9d958995 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + spec: + containers: + - args: + - --port=8080 + command: + - ./katib-ui + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: docker.io/kubeflowkatib/katib-ui:v1beta1-a96ff59 + imagePullPolicy: IfNotPresent + name: katib-ui + ports: + - containerPort: 8080 + name: ui + serviceAccountName: katib-ui diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-db.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-db.yaml new file mode 100644 index 0000000000..749bc40837 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-db.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: db + kustomize.component: metadata + strategy: + type: Recreate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: db + kustomize.component: metadata + name: db + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: mysql:8.0.3 + name: db-container + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D $$MYSQL_DATABASE -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1' + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: metadata-mysql + volumes: + - name: metadata-mysql + persistentVolumeClaim: + claimName: metadata-mysql diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..66929f9f1d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: envoy + kustomize.component: metadata + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: envoy + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: envoy + kustomize.component: metadata + spec: + containers: + - image: gcr.io/ml-pipeline/envoy:metadata-grpc + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..5f53346cb8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: grpc-server + kustomize.component: metadata + name: metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: grpc-server + kustomize.component: metadata + spec: + containers: + - args: + - --grpc_port=$(METADATA_GRPC_SERVICE_PORT) + - --mysql_config_host=metadata-db + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(MYSQL_USER_NAME) + - --mysql_config_password=$(MYSQL_ROOT_PASSWORD) + command: + - /bin/metadata_store_server + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 + name: container + ports: + - containerPort: 8080 + name: grpc-backendapi diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-writer.yaml new file mode 100644 index 0000000000..77004306de --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-writer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: metadata-writer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: metadata-writer + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/metadata-writer:1.0.4 + name: main + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_minio.yaml new file mode 100644 index 0000000000..31a7a91930 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_minio.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..3d8cd5347c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TTL_SECONDS_AFTER_WORKFLOW_FINISH + value: "86400" + image: gcr.io/ml-pipeline/persistenceagent:1.0.4 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..d395adaed4 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.4 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..1a60f06ce5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: gcr.io/ml-pipeline/frontend:1.0.4 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-ui + ports: + - containerPort: 3000 + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true + serviceAccountName: ml-pipeline-ui + volumes: + - configMap: + name: ml-pipeline-ui-configmap + name: config-volume diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml new file mode 100644 index 0000000000..c2874009d9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.4 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..bf0ef4fb76 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:1.0.4 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 + name: http + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline.yaml new file mode 100644 index 0000000000..1fb43d9089 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + key: bucketName + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipelineDb + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-2829cc67f8 + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/api-server:1.0.4 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + name: http + - containerPort: 8887 + name: grpc + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_mpi-operator.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_mpi-operator.yaml new file mode 100644 index 0000000000..0c1efb4e29 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_mpi-operator.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + name: mpi-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: mpi-operator + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: mpi-operator + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + spec: + containers: + - args: + - -alsologtostderr + - --lock-namespace + - kubeflow + - --kubectl-delivery-image + - mpioperator/kubectl-delivery:latest + image: mpioperator/mpi-operator:latest + imagePullPolicy: Always + name: mpi-operator + serviceAccountName: mpi-operator diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_mxnet-operator.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_mxnet-operator.yaml new file mode 100644 index 0000000000..a0724c00d7 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_mxnet-operator.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + name: mxnet-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + name: mxnet-operator + spec: + containers: + - command: + - /opt/kubeflow/mxnet-operator.v1 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: kubeflow/mxnet-operator:v1.0.0-20200625 + imagePullPolicy: Always + name: mxnet-operator + serviceAccountName: mxnet-operator diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_mysql.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_mysql.yaml new file mode 100644 index 0000000000..b47bdbb60a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_mysql.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_networking-istio.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_networking-istio.yaml new file mode 100644 index 0000000000..601316d71e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_networking-istio.yaml @@ -0,0 +1,59 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + networking.knative.dev/ingress-provider: istio + serving.knative.dev/release: v0.14.3 + name: networking-istio + namespace: kubeflow +spec: + selector: + matchLabels: + app: networking-istio + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + sidecar.istio.io/inject: "false" + labels: + app: networking-istio + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/net-istio + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:75c7918ca887622e7242ec1965f87036db1dc462464810b72735a8e64111f6f7 + name: networking-istio + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + resources: + limits: + cpu: 300m + memory: 400Mi + requests: + cpu: 30m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml new file mode 100644 index 0000000000..44d27f8695 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + spec: + containers: + - command: + - /manager + env: + - name: USE_ISTIO + valueFrom: + configMapKeyRef: + key: USE_ISTIO + name: notebook-controller-notebook-controller-config-h4d668t5tb + - name: ISTIO_GATEWAY + valueFrom: + configMapKeyRef: + key: ISTIO_GATEWAY + name: notebook-controller-notebook-controller-config-h4d668t5tb + image: gcr.io/kubeflow-images-public/notebook-controller:vmaster-gf39279c0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + serviceAccountName: notebook-controller-service-account diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_profiles-deployment.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_profiles-deployment.yaml new file mode 100644 index 0000000000..6ccfc949fa --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_profiles-deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kustomize.component: profiles + name: profiles-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + kustomize.component: profiles + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + kustomize.component: profiles + spec: + containers: + - args: null + command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-bk4bc7m928 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-bk4bc7m928 + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + key: gcp-sa + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/profile-controller:vmaster-g34aa47c2 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + ports: + - containerPort: 8080 + name: manager-http + protocol: TCP + - args: null + command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + - -userid-header + - $(USERID_HEADER) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-bk4bc7m928 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-bk4bc7m928 + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + key: admin + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/kfam:vmaster-gf3e09203 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + name: kfam + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP + serviceAccountName: profiles-controller-service-account diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_pytorch-operator.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_pytorch-operator.yaml new file mode 100644 index 0000000000..fec6851c6a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_pytorch-operator.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + spec: + containers: + - command: + - /pytorch-operator.v1 + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/pytorch-operator:vmaster-g518f9c76 + name: pytorch-operator + serviceAccountName: pytorch-operator diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml new file mode 100644 index 0000000000..8f9cf52035 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorsparkoperator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 + kustomize.component: spark-operator + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "10254" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 + kustomize.component: spark-operator + spec: + containers: + - args: + - -v=2 + - -namespace= + - -ingress-url-format= + - -controller-threads=10 + - -resync-interval=30 + - -logtostderr + - -enable-metrics=true + - -metrics-labels=app_type + - -metrics-port=10254 + - -metrics-endpoint=/metrics + - -metrics-prefix= + image: gcr.io/spark-operator/spark-operator:v1beta2-1.1.0-2.4.5 + imagePullPolicy: IfNotPresent + name: sparkoperator + ports: + - containerPort: 10254 + serviceAccountName: spark-operatoroperator-sa diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml new file mode 100644 index 0000000000..6a4c558264 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus-volunteer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: spartakus-volunteer + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + spec: + containers: + - args: + - volunteer + - --cluster-id=$(USAGE_ID) + - --database=https://stats-collector.kubeflow.org + env: + - name: USAGE_ID + valueFrom: + configMapKeyRef: + key: usageId + name: spartakus-config + image: gcr.io/google_containers/spartakus-amd64:v1.1.0 + name: volunteer + serviceAccountName: spartakus diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_tf-job-operator.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_tf-job-operator.yaml new file mode 100644 index 0000000000..8ecdd25f1b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_tf-job-operator.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + spec: + containers: + - args: + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/tf_operator:vmaster-gda226016 + name: tf-job-operator + serviceAccountName: tf-job-operator diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_webhook.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_webhook.yaml new file mode 100644 index 0000000000..e8124bc1c6 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_webhook.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: webhook + namespace: kubeflow +spec: + selector: + matchLabels: + app: webhook + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + role: webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: webhook + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + role: webhook + serving.knative.dev/release: v0.14.3 + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/serving + image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:7e6df0fda229a13219bbc90ff72a10434a0c64cd7fe13dc534b914247d1087f4 + name: webhook + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + - containerPort: 8443 + name: https-webhook + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 20m + memory: 20Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_workflow-controller.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_workflow-controller.yaml new file mode 100644 index 0000000000..a7fdf681eb --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_workflow-controller.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: argoproj/workflow-controller:v2.3.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/azure/test_data/expected/apps_v1_statefulset_kfserving-controller-manager.yaml b/tests/stacks/azure/test_data/expected/apps_v1_statefulset_kfserving-controller-manager.yaml new file mode 100644 index 0000000000..a2c14fbdd6 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/apps_v1_statefulset_kfserving-controller-manager.yaml @@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + control-plane: kfserving-controller-manager + controller-tools.k8s.io: "1.0" + kustomize.component: kfserving + name: kfserving-controller-manager + namespace: kubeflow +spec: + selector: + matchLabels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + control-plane: kfserving-controller-manager + controller-tools.k8s.io: "1.0" + kustomize.component: kfserving + serviceName: controller-manager-service + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + control-plane: kfserving-controller-manager + controller-tools.k8s.io: "1.0" + kustomize.component: kfserving + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + - args: + - --metrics-addr=127.0.0.1:8080 + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SECRET_NAME + value: kfserving-webhook-server-cert + image: gcr.io/kfserving/kfserving-controller:v0.4.1 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 443 + name: webhook-server + protocol: TCP + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: kfserving-webhook-server-cert diff --git a/tests/stacks/azure/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_activator.yaml b/tests/stacks/azure/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_activator.yaml new file mode 100644 index 0000000000..e59e9fbf68 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_activator.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: activator + namespace: kubeflow +spec: + maxReplicas: 20 + metrics: + - resource: + name: cpu + targetAverageUtilization: 100 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: activator diff --git a/tests/stacks/azure/test_data/expected/caching.internal.knative.dev_v1alpha1_image_queue-proxy.yaml b/tests/stacks/azure/test_data/expected/caching.internal.knative.dev_v1alpha1_image_queue-proxy.yaml new file mode 100644 index 0000000000..a872046984 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/caching.internal.knative.dev_v1alpha1_image_queue-proxy.yaml @@ -0,0 +1,12 @@ +apiVersion: caching.internal.knative.dev/v1alpha1 +kind: Image +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: queue-proxy + namespace: kubeflow +spec: + image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:d066ae5b642885827506610ae25728d442ce11447b82df6e9cc4c174bb97ecb3 diff --git a/tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml b/tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml new file mode 100644 index 0000000000..c9e1f4f031 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + name: admission-webhook-cert + namespace: kubeflow +spec: + commonName: admission-webhook-service.kubeflow.svc + dnsNames: + - admission-webhook-service.kubeflow.svc + - admission-webhook-service.kubeflow.svc.cluster.local + isCA: true + issuerRef: + kind: ClusterIssuer + name: kubeflow-self-signing-issuer + secretName: webhook-certs diff --git a/tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_certificate_serving-cert.yaml b/tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_certificate_serving-cert.yaml new file mode 100644 index 0000000000..2bee492dde --- /dev/null +++ b/tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_certificate_serving-cert.yaml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: serving-cert + namespace: kubeflow +spec: + commonName: kfserving-webhook-server-service.kubeflow.svc + dnsNames: + - kfserving-webhook-server-service.kubeflow.svc + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: kfserving-webhook-server-cert diff --git a/tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_issuer_selfsigned-issuer.yaml b/tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_issuer_selfsigned-issuer.yaml new file mode 100644 index 0000000000..66e2c6a096 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/cert-manager.io_v1alpha2_issuer_selfsigned-issuer.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Issuer +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: selfsigned-issuer + namespace: kubeflow +spec: + selfSigned: {} diff --git a/tests/stacks/azure/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml b/tests/stacks/azure/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml new file mode 100644 index 0000000000..d80509f7d0 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml @@ -0,0 +1,9 @@ +apiVersion: kubeflow.org/v1beta1 +kind: Profile +metadata: + name: anonymous + namespace: kubeflow +spec: + owner: + kind: User + name: anonymous diff --git a/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_gateway_cluster-local-gateway.yaml b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_gateway_cluster-local-gateway.yaml new file mode 100644 index 0000000000..dadc42db87 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_gateway_cluster-local-gateway.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + networking.knative.dev/ingress-provider: istio + serving.knative.dev/release: v0.14.3 + name: cluster-local-gateway + namespace: kubeflow +spec: + selector: + istio: cluster-local-gateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP diff --git a/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml new file mode 100644 index 0000000000..b21f7c8f37 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /argo/ + rewrite: + uri: / + route: + - destination: + host: argo-ui.$(namespace).svc.$(clusterDomain) + port: + number: 80 diff --git a/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml new file mode 100644 index 0000000000..dae2cb2961 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: / + rewrite: + uri: / + route: + - destination: + host: centraldashboard.$(namespace).svc.$(clusterDomain) + port: + number: 80 diff --git a/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml new file mode 100644 index 0000000000..df4b224d44 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: jupyter-web-app + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /jupyter + match: + - uri: + prefix: /jupyter/ + rewrite: + uri: / + route: + - destination: + host: jupyter-web-app-service.$(namespace).svc.$(clusterDomain) + port: + number: 80 diff --git a/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml new file mode 100644 index 0000000000..f3922487e9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /katib/ + rewrite: + uri: /katib/ + route: + - destination: + host: katib-ui.kubeflow.svc.$(clusterDomain) + port: + number: 80 diff --git a/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml new file mode 100644 index 0000000000..cc9741b27e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-grpc + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /ml_metadata + rewrite: + uri: /ml_metadata + route: + - destination: + host: metadata-envoy-service.kubeflow.svc.cluster.local + port: + number: 9090 + timeout: 300s diff --git a/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..97d86b336f --- /dev/null +++ b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: ml-pipeline-ui.kubeflow.svc.$(clusterDomain) + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml new file mode 100644 index 0000000000..8d29ff183f --- /dev/null +++ b/tests/stacks/azure/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /kfam + match: + - uri: + prefix: /kfam/ + rewrite: + uri: /kfam/ + route: + - destination: + host: profiles-kfam.$(namespace).svc.cluster.local + port: + number: 8081 diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml new file mode 100644 index 0000000000..3ed69a58a6 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-cluster-role +rules: +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - watch + - list + - update + - create + - patch + - delete diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml new file mode 100644 index 0000000000..ae97df8cf3 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: admission-webhook-kubeflow-poddefaults-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml new file mode 100644 index 0000000000..09813d57ad --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-edit: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: admission-webhook-kubeflow-poddefaults-edit +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml new file mode 100644 index 0000000000..1a80b46609 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-admin: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: admission-webhook-kubeflow-poddefaults-view +rules: +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml new file mode 100644 index 0000000000..7491bff88e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +rules: +- apiGroups: + - "" + resources: + - events + - namespaces + - nodes + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml new file mode 100644 index 0000000000..0c0539fd4b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml @@ -0,0 +1,59 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml new file mode 100644 index 0000000000..7372f11b74 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: jupyter-web-app-kubeflow-notebook-ui-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml new file mode 100644 index 0000000000..6e3413fe9a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: jupyter-web-app-kubeflow-notebook-ui-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml new file mode 100644 index 0000000000..7efa2fe3c1 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: jupyter-web-app-kubeflow-notebook-ui-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml new file mode 100644 index 0000000000..0536e926a8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -0,0 +1,92 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + - secrets + - events + - namespaces + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - pods/log + - pods/status + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - experiments/status + - experiments/finalizers + - trials + - trials/status + - trials/finalizers + - suggestions + - suggestions/status + - suggestions/finalizers + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - pytorchjobs + - mpijobs + verbs: + - '*' +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml new file mode 100644 index 0000000000..66faccefb1 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kfserving-manager-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kfserving-manager-role.yaml new file mode 100644 index 0000000000..20101b5c10 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kfserving-manager-role.yaml @@ -0,0 +1,169 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: kfserving-manager-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.istio.io + resources: + - virtualservices/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.istio.io + resources: + - virtualservices/status + verbs: + - get + - patch + - update +- apiGroups: + - serving.knative.dev + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.knative.dev + resources: + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.knative.dev + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - serving.kubeflow.org + resources: + - inferenceservices + - inferenceservices/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kubeflow.org + resources: + - inferenceservices/status + verbs: + - get + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kfserving-proxy-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kfserving-proxy-role.yaml new file mode 100644 index 0000000000..3224dc4cac --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kfserving-proxy-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: kfserving-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-addressable-resolver.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-addressable-resolver.yaml new file mode 100644 index 0000000000..e59f35d5f4 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-addressable-resolver.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + duck.knative.dev/addressable: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: knative-serving-addressable-resolver +rules: +- apiGroups: + - serving.knative.dev + resources: + - routes + - routes/status + - services + - services/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-admin.yaml new file mode 100644 index 0000000000..defbbc5955 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + serving.knative.dev/controller: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: knative-serving-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-core.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-core.yaml new file mode 100644 index 0000000000..522c106ceb --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-core.yaml @@ -0,0 +1,128 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/controller: "true" + serving.knative.dev/release: v0.14.3 + name: knative-serving-core +rules: +- apiGroups: + - "" + resources: + - pods + - namespaces + - secrets + - configmaps + - endpoints + - services + - events + - serviceaccounts + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - "" + resources: + - endpoints/restricted + verbs: + - create +- apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - serving.knative.dev + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + resources: + - '*' + - '*/status' + - '*/finalizers' + verbs: + - get + - list + - create + - update + - delete + - deletecollection + - patch + - watch +- apiGroups: + - caching.internal.knative.dev + resources: + - images + verbs: + - get + - list + - create + - update + - delete + - patch + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-istio.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-istio.yaml new file mode 100644 index 0000000000..81fd9a6fbc --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-istio.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + networking.knative.dev/ingress-provider: istio + serving.knative.dev/controller: "true" + serving.knative.dev/release: v0.14.3 + name: knative-serving-istio +rules: +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - gateways + verbs: + - get + - list + - create + - update + - delete + - patch + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-admin.yaml new file mode 100644 index 0000000000..1b1d7787c0 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-admin.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + rbac.authorization.k8s.io/aggregate-to-admin: "true" + serving.knative.dev/release: v0.14.3 + name: knative-serving-namespaced-admin +rules: +- apiGroups: + - serving.knative.dev + - networking.internal.knative.dev + - autoscaling.internal.knative.dev + - caching.internal.knative.dev + resources: + - '*' + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-edit.yaml new file mode 100644 index 0000000000..78264a1553 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-edit.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + rbac.authorization.k8s.io/aggregate-to-edit: "true" + serving.knative.dev/release: v0.14.3 + name: knative-serving-namespaced-edit +rules: +- apiGroups: + - serving.knative.dev + - networking.internal.knative.dev + - autoscaling.internal.knative.dev + - caching.internal.knative.dev + resources: + - '*' + verbs: + - create + - update + - patch + - delete diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-view.yaml new file mode 100644 index 0000000000..0bad4a4ced --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-namespaced-view.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + rbac.authorization.k8s.io/aggregate-to-view: "true" + serving.knative.dev/release: v0.14.3 + name: knative-serving-namespaced-view +rules: +- apiGroups: + - serving.knative.dev + - networking.internal.knative.dev + - autoscaling.internal.knative.dev + - caching.internal.knative.dev + resources: + - '*' + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-podspecable-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-podspecable-binding.yaml new file mode 100644 index 0000000000..f1de7a3fdc --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_knative-serving-podspecable-binding.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + duck.knative.dev/podspecable: "true" + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: knative-serving-podspecable-binding +rules: +- apiGroups: + - serving.knative.dev + resources: + - configurations + - services + verbs: + - list + - watch + - patch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml new file mode 100644 index 0000000000..0520bc0bc9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml @@ -0,0 +1,9 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml new file mode 100644 index 0000000000..7f472eddde --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-edit +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml new file mode 100644 index 0000000000..45d4cb1843 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml @@ -0,0 +1,13 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-katib-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml new file mode 100644 index 0000000000..11ad89cab6 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" + name: kubeflow-katib-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml new file mode 100644 index 0000000000..95b524a46e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-katib-view +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-admin.yaml new file mode 100644 index 0000000000..4012a5d635 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-kfserving-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-kfserving-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-edit.yaml new file mode 100644 index 0000000000..a26a3d786d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-kfserving-admin: "true" + name: kubeflow-kfserving-edit +rules: +- apiGroups: + - serving.kubeflow.org + resources: + - inferenceservices + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-view.yaml new file mode 100644 index 0000000000..6882fb5538 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kfserving-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-kfserving-view +rules: +- apiGroups: + - serving.kubeflow.org + resources: + - inferenceservices + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml new file mode 100644 index 0000000000..d879f2f6c8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml @@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-kubernetes-admin +rules: +- apiGroups: + - authorization.k8s.io + resources: + - localsubjectaccessreviews + verbs: + - create +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml new file mode 100644 index 0000000000..8343f92fda --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml @@ -0,0 +1,135 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: kubeflow-kubernetes-edit +rules: +- apiGroups: + - "" + resources: + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + - secrets + - services/proxy + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - impersonate +- apiGroups: + - "" + resources: + - pods + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - replicationcontrollers + - replicationcontrollers/scale + - secrets + - serviceaccounts + - services + - services/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - replicasets + - replicasets/scale + - statefulsets + - statefulsets/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - ingresses + - networkpolicies + - replicasets + - replicasets/scale + - replicationcontrollers/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml new file mode 100644 index 0000000000..d8a396b9de --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml @@ -0,0 +1,125 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-kubernetes-view +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - persistentvolumeclaims/status + - pods + - replicationcontrollers + - replicationcontrollers/scale + - serviceaccounts + - services + - services/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - bindings + - events + - limitranges + - namespaces/status + - pods/log + - pods/status + - replicationcontrollers/status + - resourcequotas + - resourcequotas/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - controllerrevisions + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - replicasets + - replicasets/scale + - replicasets/status + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + - horizontalpodautoscalers/status + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - cronjobs/status + - jobs + - jobs/status + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - ingresses + - ingresses/status + - networkpolicies + - replicasets + - replicasets/scale + - replicasets/status + - replicationcontrollers/scale + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + - poddisruptionbudgets/status + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + - networkpolicies + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-admin.yaml new file mode 100644 index 0000000000..8afc1cd608 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-mpijobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-mpijobs-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-edit.yaml new file mode 100644 index 0000000000..598c7c7b7b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-mpijobs-admin: "true" + name: kubeflow-mpijobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - mpijobs + - mpijobs/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-view.yaml new file mode 100644 index 0000000000..b3ef136d77 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mpijobs-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-mpijobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - mpijobs + - mpijobs/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-admin.yaml new file mode 100644 index 0000000000..7292a7b4b9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-mxjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-mxjobs-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-edit.yaml new file mode 100644 index 0000000000..a6778579cd --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-mxjobs-admin: "true" + name: kubeflow-mxjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - mxjobs + - mxjobs/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-view.yaml new file mode 100644 index 0000000000..8abdd41f86 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-mxjobs-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-mxjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - mxjobs + - mxjobs/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml new file mode 100644 index 0000000000..5ba54f3cda --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml @@ -0,0 +1,37 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch +- apiGroups: + - certificates.k8s.io + resourceNames: + - kubernetes.io/* + resources: + - signers + verbs: + - approve diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml new file mode 100644 index 0000000000..161f232e59 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-pytorchjobs-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml new file mode 100644 index 0000000000..57a5fc7f42 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" + name: kubeflow-pytorchjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml new file mode 100644 index 0000000000..4f9ef4f8d3 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-pytorchjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml new file mode 100644 index 0000000000..03147422e8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-tfjobs-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml new file mode 100644 index 0000000000..942e4a625a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" + name: kubeflow-tfjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml new file mode 100644 index 0000000000..3ebf508e03 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-tfjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml new file mode 100644 index 0000000000..5420a10679 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: kubeflow-view +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_mpi-operator.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_mpi-operator.yaml new file mode 100644 index 0000000000..9ef4b587b5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_mpi-operator.yaml @@ -0,0 +1,107 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: mpi-operator + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + name: mpi-operator +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + verbs: + - create + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - list + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - list + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - list + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get +- apiGroups: + - kubeflow.org + resources: + - mpijobs + - mpijobs/finalizers + - mpijobs/status + verbs: + - '*' +- apiGroups: + - scheduling.incubator.k8s.io + - scheduling.sigs.dev + resources: + - queues + - podgroups + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml new file mode 100644 index 0000000000..41459ef302 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: notebook-controller-kubeflow-notebooks-admin +rules: [] diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml new file mode 100644 index 0000000000..3ae0c1cd8e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" + name: notebook-controller-kubeflow-notebooks-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml new file mode 100644 index 0000000000..9e28e08290 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: notebook-controller-kubeflow-notebooks-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml new file mode 100644 index 0000000000..02d880f8e2 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role +rules: +- apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + - notebooks/finalizers + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml new file mode 100644 index 0000000000..8f7eabad51 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml @@ -0,0 +1,76 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatoroperator-cr +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - '*' +- apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - create + - get + - delete + - update +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - get + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - update + - delete +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get + - update + - delete +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + - scheduledsparkapplications + - sparkapplications/status + - scheduledsparkapplications/status + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml new file mode 100644 index 0000000000..48bed8ccb7 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: admission-webhook-cluster-role +subjects: +- kind: ServiceAccount + name: admission-webhook-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml new file mode 100644 index 0000000000..d06cac3fd8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml new file mode 100644 index 0000000000..c5aa988709 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jupyter-web-app-cluster-role +subjects: +- kind: ServiceAccount + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml new file mode 100644 index 0000000000..908f9dad49 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-controller +subjects: +- kind: ServiceAccount + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml new file mode 100644 index 0000000000..e9f5ce2506 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-ui +subjects: +- kind: ServiceAccount + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kfserving-manager-rolebinding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kfserving-manager-rolebinding.yaml new file mode 100644 index 0000000000..8f8a8e11d5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kfserving-manager-rolebinding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: kfserving-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kfserving-manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kfserving-proxy-rolebinding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kfserving-proxy-rolebinding.yaml new file mode 100644 index 0000000000..11a2758d7f --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kfserving-proxy-rolebinding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: kfserving-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kfserving-proxy-role +subjects: +- kind: ServiceAccount + name: default + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_knative-serving-controller-admin.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_knative-serving-controller-admin.yaml new file mode 100644 index 0000000000..156d95cf1a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_knative-serving-controller-admin.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: knative-serving-controller-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: knative-serving-admin +subjects: +- kind: ServiceAccount + name: controller + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml new file mode 100644 index 0000000000..459313eff8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_mpi-operator.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_mpi-operator.yaml new file mode 100644 index 0000000000..5ceb1390e6 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_mpi-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: mpi-operator + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + name: mpi-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mpi-operator +subjects: +- kind: ServiceAccount + name: mpi-operator + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml new file mode 100644 index 0000000000..30d3f08b7e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: notebook-controller-role +subjects: +- kind: ServiceAccount + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml new file mode 100644 index 0000000000..663e87dbcd --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + kustomize.component: profiles + name: profiles-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml new file mode 100644 index 0000000000..7b3d77da27 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorsparkoperator-crb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: spark-operatoroperator-cr +subjects: +- kind: ServiceAccount + name: spark-operatoroperator-sa + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml new file mode 100644 index 0000000000..8bd0261ab6 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml @@ -0,0 +1,29 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +rules: +- apiGroups: + - "" + - app.k8s.io + resources: + - applications + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml new file mode 100644 index 0000000000..59924196e1 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - patch + - list diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml new file mode 100644 index 0000000000..7c2b27e343 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 0000000000..c300b1cda8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_leader-election-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_leader-election-role.yaml new file mode 100644 index 0000000000..7cd6bb7453 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_leader-election-role.yaml @@ -0,0 +1,37 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: leader-election-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..8d376c6ae5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..a31ac1ebfd --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..4ff55fe4e7 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml @@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml new file mode 100644 index 0000000000..522897510e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml new file mode 100644 index 0000000000..5a947370a6 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml new file mode 100644 index 0000000000..fdd503498a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml @@ -0,0 +1,84 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml new file mode 100644 index 0000000000..e4a3af18c1 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorspark-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml new file mode 100644 index 0000000000..c1c4c30793 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml new file mode 100644 index 0000000000..e76122f19f --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml new file mode 100644 index 0000000000..7471959ec9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 0000000000..32755c9be3 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_leader-election-rolebinding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_leader-election-rolebinding.yaml new file mode 100644 index 0000000000..f4c229a984 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_leader-election-rolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: leader-election-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: default + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 0000000000..c1033e02db --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 0000000000..c3ed87368c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..1d78022b2b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml new file mode 100644 index 0000000000..96503d4ab4 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml new file mode 100644 index 0000000000..ff6a5433d3 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml new file mode 100644 index 0000000000..9e1352d61a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml new file mode 100644 index 0000000000..ed9bb0d46e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorspark-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: spark-operatorspark-role +subjects: +- kind: ServiceAccount + name: spark-operatorspark + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml new file mode 100644 index 0000000000..c9e39f4614 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml new file mode 100644 index 0000000000..7651a6568e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_mxnet-operator.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_mxnet-operator.yaml new file mode 100644 index 0000000000..0008889d3b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_mxnet-operator.yaml @@ -0,0 +1,52 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: mxnet-operator + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + name: mxnet-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - mxjobs + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - pods + - services + - endpoints + - persistentvolumeclaims + - events + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml new file mode 100644 index 0000000000..13352b970d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml new file mode 100644 index 0000000000..f2e0bb974d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml new file mode 100644 index 0000000000..ac48bdc241 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml @@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + - tfjobs/finalizers + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml new file mode 100644 index 0000000000..f1df09722c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-ui +subjects: +- kind: ServiceAccount + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml new file mode 100644 index 0000000000..266bc01c4e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo +subjects: +- kind: ServiceAccount + name: argo + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_mxnet-operator.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_mxnet-operator.yaml new file mode 100644 index 0000000000..09c59a95a9 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_mxnet-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: mxnet-operator + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + name: mxnet-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mxnet-operator +subjects: +- kind: ServiceAccount + name: mxnet-operator + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml new file mode 100644 index 0000000000..cefdad39ee --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pytorch-operator +subjects: +- kind: ServiceAccount + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml new file mode 100644 index 0000000000..9cad7bb143 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: spartakus +subjects: +- kind: ServiceAccount + name: spartakus + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml new file mode 100644 index 0000000000..b69f8e4e4b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tf-job-operator +subjects: +- kind: ServiceAccount + name: tf-job-operator + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml new file mode 100644 index 0000000000..569a985b15 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml new file mode 100644 index 0000000000..4bf3335ba0 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jupyter-web-app-jupyter-notebook-role +subjects: +- kind: ServiceAccount + name: jupyter-notebook diff --git a/tests/stacks/azure/test_data/expected/rbac.istio.io_v1alpha1_servicerole_istio-service-role.yaml b/tests/stacks/azure/test_data/expected/rbac.istio.io_v1alpha1_servicerole_istio-service-role.yaml new file mode 100644 index 0000000000..5731f32aff --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.istio.io_v1alpha1_servicerole_istio-service-role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.istio.io/v1alpha1 +kind: ServiceRole +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + name: istio-service-role + namespace: kubeflow +spec: + rules: + - methods: + - '*' + services: + - '*' diff --git a/tests/stacks/azure/test_data/expected/rbac.istio.io_v1alpha1_servicerolebinding_istio-service-role-binding.yaml b/tests/stacks/azure/test_data/expected/rbac.istio.io_v1alpha1_servicerolebinding_istio-service-role-binding.yaml new file mode 100644 index 0000000000..121f5e891b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/rbac.istio.io_v1alpha1_servicerolebinding_istio-service-role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.istio.io/v1alpha1 +kind: ServiceRoleBinding +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + name: istio-service-role-binding + namespace: kubeflow +spec: + roleRef: + kind: ServiceRole + name: istio-service-role + subjects: + - user: '*' diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml new file mode 100644 index 0000000000..1dd6173c08 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + issuer: kubeflow-self-signing-issuer + namespace: kubeflow +kind: ConfigMap +metadata: + annotations: {} + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-admission-webhook-parameters + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-autoscaler.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-autoscaler.yaml new file mode 100644 index 0000000000..443d1d829c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-autoscaler.yaml @@ -0,0 +1,149 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # The Revision ContainerConcurrency field specifies the maximum number + # of requests the Container can handle at once. Container concurrency + # target percentage is how much of that maximum to use in a stable + # state. E.g. if a Revision specifies ContainerConcurrency of 10, then + # the Autoscaler will try to maintain 7 concurrent connections per pod + # on average. + # Note: this limit will be applied to container concurrency set at every + # level (ConfigMap, Revision Spec or Annotation). + # For legacy and backwards compatibility reasons, this value also accepts + # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). + # Thus minimal percentage value must be greater than 1.0, or it will be + # treated as a fraction. + # NOTE: that this value does not affect actual number of concurrent requests + # the user container may receive, but only the average number of requests + # that the revision pods will receive. + container-concurrency-target-percentage: "70" + + # The container concurrency target default is what the Autoscaler will + # try to maintain when concurrency is used as the scaling metric for the + # Revision and the Revision specifies unlimited concurrency. + # When revision explicitly specifies container concurrency, that value + # will be used as a scaling target for autoscaler. + # When specifying unlimited concurrency, the autoscaler will + # horizontally scale the application based on this target concurrency. + # This is what we call "soft limit" in the documentation, i.e. it only + # affects number of pods and does not affect the number of requests + # individual pod processes. + # The value must be a positive number such that the value multiplied + # by container-concurrency-target-percentage is greater than 0.01. + # NOTE: that this value will be adjusted by application of + # container-concurrency-target-percentage, i.e. by default + # the system will target on average 70 concurrent requests + # per revision pod. + # NOTE: Only one metric can be used for autoscaling a Revision. + container-concurrency-target-default: "100" + + # The requests per second (RPS) target default is what the Autoscaler will + # try to maintain when RPS is used as the scaling metric for a Revision and + # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, + # the autoscaler will horizontally scale the application based on this + # target RPS. + # Must be greater than 1.0. + # NOTE: Only one metric can be used for autoscaling a Revision. + requests-per-second-target-default: "200" + + # The target burst capacity specifies the size of burst in concurrent + # requests that the system operator expects the system will receive. + # Autoscaler will try to protect the system from queueing by introducing + # Activator in the request path if the current spare capacity of the + # service is less than this setting. + # If this setting is 0, then Activator will be in the request path only + # when the revision is scaled to 0. + # If this setting is > 0 and container-concurrency-target-percentage is + # 100% or 1.0, then activator will always be in the request path. + # -1 denotes unlimited target-burst-capacity and activator will always + # be in the request path. + # Other negative values are invalid. + target-burst-capacity: "200" + + # When operating in a stable mode, the autoscaler operates on the + # average concurrency over the stable window. + # Stable window must be in whole seconds. + stable-window: "60s" + + # When observed average concurrency during the panic window reaches + # panic-threshold-percentage the target concurrency, the autoscaler + # enters panic mode. When operating in panic mode, the autoscaler + # scales on the average concurrency over the panic window which is + # panic-window-percentage of the stable-window. + # When computing the panic window it will be rounded to the closest + # whole second. + panic-window-percentage: "10.0" + + # The percentage of the container concurrency target at which to + # enter panic mode when reached within the panic window. + panic-threshold-percentage: "200.0" + + # Max scale up rate limits the rate at which the autoscaler will + # increase pod count. It is the maximum ratio of desired pods versus + # observed pods. + # Cannot be less or equal to 1. + # I.e with value of 2.0 the number of pods can at most go N to 2N + # over single Autoscaler period (see tick-interval), but at least N to + # N+1, if Autoscaler needs to scale up. + max-scale-up-rate: "1000.0" + + # Max scale down rate limits the rate at which the autoscaler will + # decrease pod count. It is the maximum ratio of observed pods versus + # desired pods. + # Cannot be less or equal to 1. + # I.e. with value of 2.0 the number of pods can at most go N to N/2 + # over single Autoscaler evaluation period (see tick-interval), but at + # least N to N-1, if Autoscaler needs to scale down. + max-scale-down-rate: "2.0" + + # Scale to zero feature flag + enable-scale-to-zero: "true" + + # Tick interval is the time between autoscaling calculations. + tick-interval: "2s" + + # Scale to zero grace period is the time an inactive revision is left + # running before it is scaled to zero (min: 6s). + scale-to-zero-grace-period: "30s" + + # Enable graceful scaledown feature flag. + # Once enabled, it allows the autoscaler to prioritize pods processing + # fewer (or zero) requests for removal when scaling down. + enable-graceful-scaledown: "false" + + # pod-autoscaler-class specifies the default pod autoscaler class + # that should be used if none is specified. If omitted, the Knative + # Horizontal Pod Autoscaler (KPA) is used by default. + pod-autoscaler-class: "kpa.autoscaling.knative.dev" + + # The capacity of a single activator task. + # The `unit` is one concurrent request proxied by the activator. + # activator-capacity must be at least 1. + # This value is used for computation of the Activator subset size. + # See the algorithm here: http://bit.ly/38XiCZ3. + # TODO(vagababov): tune after actual benchmarking. + activator-capacity: "100.0" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-autoscaler + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-defaults.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-defaults.yaml new file mode 100644 index 0000000000..a865e2f8b4 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-defaults.yaml @@ -0,0 +1,81 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # revision-timeout-seconds contains the default number of + # seconds to use for the revision's per-request timeout, if + # none is specified. + revision-timeout-seconds: "300" # 5 minutes + + # max-revision-timeout-seconds contains the maximum number of + # seconds that can be used for revision-timeout-seconds. + # This value must be greater than or equal to revision-timeout-seconds. + # If omitted, the system default is used (600 seconds). + max-revision-timeout-seconds: "600" # 10 minutes + + # revision-cpu-request contains the cpu allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) + + # revision-memory-request contains the memory allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + revision-memory-request: "100M" # 100 megabytes of memory + + # revision-cpu-limit contains the cpu allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) + + # revision-memory-limit contains the memory allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + revision-memory-limit: "200M" # 200 megabytes of memory + + # container-name-template contains a template for the default + # container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + container-name-template: "user-container" + + # container-concurrency specifies the maximum number + # of requests the Container can handle at once, and requests + # above this threshold are queued. Setting a value of zero + # disables this throttling and lets through as many requests as + # the pod receives. + container-concurrency: "0" + + # The container concurrency max limit is an operator setting ensuring that + # the individual revisions cannot have arbitrary large concurrency + # values, or autoscaling targets. `container-concurrency` default setting + # must be at or below this value. + # Must be greater than 1. + container-concurrency-max-limit: "1000" + + # feature flag indicates whether to enable multi container support or not + enable-multi-container: "false" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-defaults + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-deployment.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-deployment.yaml new file mode 100644 index 0000000000..7e186133d2 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # List of repositories for which tag to digest resolving should be skipped + registriesSkippingTagResolving: "ko.local,dev.local" + queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:d066ae5b642885827506610ae25728d442ce11447b82df6e9cc4c174bb97ecb3 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-deployment + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-domain.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-domain.yaml new file mode 100644 index 0000000000..5a04c51771 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-domain.yaml @@ -0,0 +1,47 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Default value for domain. + # Although it will match all routes, it is the least-specific rule so it + # will only be used if no other domain matches. + example.com: | + + # These are example settings of domain. + # example.org will be used for routes having app=nonprofit. + example.org: | + selector: + app: nonprofit + + # Routes having domain suffix of 'svc.cluster.local' will not be exposed + # through Ingress. You can define your own label selector to assign that + # domain suffix to your Route here, or you can set the label + # "serving.knative.dev/visibility=cluster-local" + # to achieve the same effect. This shows how to make routes having + # the label app=secret only exposed to the local cluster. + svc.cluster.local: | + selector: + app: secret +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-domain + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-gc.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-gc.yaml new file mode 100644 index 0000000000..dcf4c52cb2 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-gc.yaml @@ -0,0 +1,43 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Delay after revision creation before considering it for GC + stale-revision-create-delay: "48h" + + # Duration since a route has pointed at the revision before it + # should be GC'd. + # This minus lastpinned-debounce must be longer than the controller + # resync period (10 hours). + stale-revision-timeout: "15h" + + # Minimum number of generations of revisions to keep before considering + # them for GC + stale-revision-minimum-generations: "20" + + # To avoid constant updates, we allow an existing annotation to be stale by this + # amount before we update the timestamp. + stale-revision-lastpinned-debounce: "5h" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-gc + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-istio.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-istio.yaml new file mode 100644 index 0000000000..502c36a68c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-istio.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Default Knative Gateway after v0.3. It points to the Istio + # standard istio-ingressgateway, instead of a custom one that we + # used pre-0.3. The configuration format should be `gateway. + # {{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}. + # {{ingress_namespace}}.svc.cluster.local"`. The {{gateway_namespace}} + # is optional; when it is omitted, the system will search for + # the gateway in the serving system namespace `knative-serving` + gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" + + # A cluster local gateway to allow pods outside of the mesh to access + # Services and Routes not exposing through an ingress. If the users + # do have a service mesh setup, this isn't required and can be removed. + # + # An example use case is when users want to use Istio without any + # sidecar injection (like Knative's istio-ci-no-mesh.yaml). Since every pod + # is outside of the service mesh in that case, a cluster-local service + # will need to be exposed to a cluster-local gateway to be accessible. + # The configuration format should be `local-gateway.{{local_gateway_namespace}}. + # {{local_gateway_name}}: "{{cluster_local_gateway_name}}. + # {{cluster_local_gateway_namespace}}.svc.cluster.local"`. The + # {{local_gateway_namespace}} is optional; when it is omitted, the system + # will search for the local gateway in the serving system namespace + # `knative-serving` + local-gateway.knative-serving.cluster-local-gateway: "cluster-local-gateway.istio-system.svc.cluster.local" + + # To use only Istio service mesh and no cluster-local-gateway, replace + # all local-gateway.* entries by the following entry. + local-gateway.mesh: "mesh" + gateway.kubeflow.kubeflow-gateway: istio-ingressgateway.istio-system.svc.cluster.local + local-gateway.knative-serving.cluster-local-gateway: cluster-local-gateway.istio-system.svc.cluster.local + local-gateway.mesh: mesh +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + networking.knative.dev/ingress-provider: istio + serving.knative.dev/release: v0.14.3 + name: config-istio + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-leader-election.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-leader-election.yaml new file mode 100644 index 0000000000..ab36d097ff --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-leader-election.yaml @@ -0,0 +1,57 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # resourceLock controls which API resource is used as the basis for the + # leader election lock. Valid values are: + # + # - leases -> use the coordination API + # - configmaps -> use configmaps + # - endpoints -> use endpoints + resourceLock: "leases" + + # leaseDuration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + leaseDuration: "15s" + # renewDeadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renewDeadline: "10s" + # retryPeriod is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retryPeriod: "2s" + # enabledComponents is a comma-delimited list of component names for which + # leader election is enabled. Valid values are: + # + # - controller + # - hpaautoscaler + # - certcontroller + # - istiocontroller + # - nscontroller + enabledComponents: "controller,hpaautoscaler,certcontroller,istiocontroller,nscontroller" + leaseDuration: 15s + renewDeadline: 10s + resourceLock: leases + retryPeriod: 2s +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-leader-election + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-logging.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-logging.yaml new file mode 100644 index 0000000000..b68fdab10f --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-logging.yaml @@ -0,0 +1,63 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Common configuration for all Knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + + # Log level overrides + # For all components except the autoscaler and queue proxy, + # changes are be picked up immediately. + # For autoscaler and queue proxy, changes require recreation of the pods. + loglevel.controller: "info" + loglevel.autoscaler: "info" + loglevel.queueproxy: "info" + loglevel.webhook: "info" + loglevel.activator: "info" + loglevel.hpaautoscaler: "info" + loglevel.certcontroller: "info" + loglevel.istiocontroller: "info" + loglevel.nscontroller: "info" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-logging + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-network.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-network.yaml new file mode 100644 index 0000000000..2411ce6678 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-network.yaml @@ -0,0 +1,94 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # DEPRECATED: + # istio.sidecar.includeOutboundIPRanges is obsolete. + # The current versions have outbound network access enabled by default. + # If you need this option for some reason, please use global.proxy.includeIPRanges in Istio. + # + # istio.sidecar.includeOutboundIPRanges: "*" + + # ingress.class specifies the default ingress class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Istio ingress. + # + # Note that changing the Ingress class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + ingress.class: "istio.ingress.networking.knative.dev" + + # certificate.class specifies the default Certificate class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Cert-Manager Certificate. + # + # Note that changing the Certificate class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + certificate.class: "cert-manager.certificate.networking.knative.dev" + + # domainTemplate specifies the golang text template string to use + # when constructing the Knative service's DNS name. The default + # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". And those three + # values (Name, Namespace, Domain) are the only variables defined. + # + # Changing this value might be necessary when the extra levels in + # the domain name generated is problematic for wildcard certificates + # that only support a single level of domain name added to the + # certificate's domain. In those cases you might consider using a value + # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace + # entirely from the template. When choosing a new value be thoughtful + # of the potential for conflicts - for example, when users choose to use + # characters such as `-` in their service, or namespace, names. + # {{.Annotations}} can be used for any customization in the go template if needed. + # We strongly recommend keeping namespace part of the template to avoid domain name clashes + # Example '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' + # and you have an annotation {"sub":"foo"}, then the generated template would be {Name}-{Namespace}.foo.{Domain} + domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}" + + # tagTemplate specifies the golang text template string to use + # when constructing the DNS name for "tags" within the traffic blocks + # of Routes and Configuration. This is used in conjunction with the + # domainTemplate above to determine the full URL for the tag. + tagTemplate: "{{.Tag}}-{{.Name}}" + + # Controls whether TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate external TLS connection. + # 1. Enabled: enabling auto-TLS feature. + # 2. Disabled: disabling auto-TLS feature. + autoTLS: "Disabled" + + # Controls the behavior of the HTTP endpoint for the Knative ingress. + # It requires autoTLS to be enabled. + # 1. Enabled: The Knative ingress will be able to serve HTTP connection. + # 2. Disabled: The Knative ingress will reject HTTP traffic. + # 3. Redirected: The Knative ingress will send a 302 redirect for all + # http connections, asking the clients to use HTTPS + httpProtocol: "Enabled" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-network + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-observability.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-observability.yaml new file mode 100644 index 0000000000..55b6f77662 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-observability.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +data: + _example: | + ################################ # # # EXAMPLE CONFIGURATION # # # ################################ + + # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # + # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. + # logging.enable-var-log-collection defaults to false. # The fluentd daemon set will be set up to collect /var/log if # this flag is true. logging.enable-var-log-collection: "false" + # logging.revision-url-template provides a template to use for producing the # logging URL that is injected into the status of each Revision. # This value is what you might use the the Knative monitoring bundle, and provides # access to Kibana after setting up kubectl proxy. logging.revision-url-template: | + http://localhost:8001/api/v1/namespaces/knative-monitoring/services/kibana-logging/proxy/app/kibana#/discover?_a=(query:(match:(kubernetes.labels.serving-knative-dev%2FrevisionUID:(query:'${REVISION_UID}',type:phrase)))) + + # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe # requests. # The value determines the shape of the request logs and it must be a valid go text/template. # It is important to keep this as a single line. Multiple lines are parsed as separate entities # by most collection agents and will split the request logs into multiple records. # # The following fields and functions are available to the template: # # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) # representing an HTTP request received by the server. # # Response: # struct { # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) # Size int // An int representing the size of the response. # Latency float64 // A float64 representing the latency of the response in seconds. # } # # Revision: # struct { # Name string // Knative revision name # Namespace string // Knative revision namespace # Service string // Knative service name # Configuration string // Knative configuration name # PodName string // Name of the pod hosting the revision # PodIP string // IP of the pod hosting the revision # } # logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' + # If true, this enables queue proxy writing request logs for probe requests to stdout. # It uses the same template for user requests, i.e. logging.request-log-template. logging.enable-probe-request-log: "false" + # metrics.backend-destination field specifies the system metrics destination. # It supports either prometheus (the default) or stackdriver. # Note: Using stackdriver will incur additional charges metrics.backend-destination: prometheus + # metrics.request-metrics-backend-destination specifies the request metrics # destination. It enables queue proxy to send request metrics. # Currently supported values: prometheus (the default), stackdriver. metrics.request-metrics-backend-destination: prometheus + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This # field is optional. When running on GCE, application default credentials will be # used if this field is not provided. metrics.stackdriver-project-id: "" + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to # Stackdriver using "global" resource type and custom metric type if the # metrics are not supported by "knative_revision" resource type. Setting this # flag to "true" could cause extra Stackdriver charge. # If metrics.backend-destination is not Stackdriver, this is ignored. metrics.allow-stackdriver-custom-metrics: "false" + # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from # the pods via an HTTP server in the format expected by the pprof visualization tool. When # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. # The HTTP context root for profiling is then /debug/pprof/. profiling.enable: "false" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-observability + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-tracing.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-tracing.yaml new file mode 100644 index 0000000000..350f75a663 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_config-tracing.yaml @@ -0,0 +1,45 @@ +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # This may be "zipkin" or "stackdriver", the default is "none" + backend: "none" + + # URL to zipkin collector where traces are sent. + # This must be specified when backend is "zipkin" + zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" + + # The GCP project into which stackdriver metrics will be written + # when backend is "stackdriver". If unspecified, the project-id + # is read from GCP metadata when running on GCP. + stackdriver-project-id: "my-project" + + # Enable zipkin debug mode. This allows all spans to be sent to the server + # bypassing sampling. + debug: "false" + + # Percentage (0-1) of requests to trace + sample-rate: "0.1" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: config-tracing + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml new file mode 100644 index 0000000000..0af9fe8d4b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + profile-name: anonymous + user: anonymous +kind: ConfigMap +metadata: + name: default-install-config-h877hbtmf7 + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_inferenceservice-config.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_inferenceservice-config.yaml new file mode 100644 index 0000000000..3dde29f148 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_inferenceservice-config.yaml @@ -0,0 +1,90 @@ +apiVersion: v1 +data: + batcher: |- + { + "image" : "kfserving/batcher:v0.4.0", + "memoryRequest": "1Gi", + "memoryLimit": "1Gi", + "cpuRequest": "1", + "cpuLimit": "1" + } + credentials: |- + { + "gcs": { + "gcsCredentialFileName": "gcloud-application-credentials.json" + }, + "s3": { + "s3AccessKeyIDName": "AWS_ACCESS_KEY_ID", + "s3SecretAccessKeyName": "AWS_SECRET_ACCESS_KEY" + } + } + explainers: |- + { + "alibi": { + "image" : "gcr.io/kfserving/alibi-explainer", + "defaultImageVersion": "v0.4.1" + } + } + ingress: |- + { + "ingressGateway" : "kubeflow-gateway.kubeflow", + "ingressService" : "istio-ingressgateway.istio-system.svc.cluster.local" + } + logger: |- + { + "image" : "gcr.io/kfserving/logger:v0.4.1", + "memoryRequest": "100Mi", + "memoryLimit": "1Gi", + "cpuRequest": "100m", + "cpuLimit": "1", + "defaultUrl": "http://default-broker" + } + predictors: |- + { + "tensorflow": { + "image": "tensorflow/serving", + "defaultImageVersion": "1.14.0", + "defaultGpuImageVersion": "1.14.0-gpu" + }, + "onnx": { + "image": "mcr.microsoft.com/onnxruntime/server", + "defaultImageVersion": "v1.0.0" + }, + "sklearn": { + "image": "gcr.io/kfserving/sklearnserver", + "defaultImageVersion": "v0.4.1" + }, + "xgboost": { + "image": "gcr.io/kfserving/xgbserver", + "defaultImageVersion": "v0.4.1" + }, + "pytorch": { + "image": "gcr.io/kfserving/pytorchserver", + "defaultImageVersion": "v0.4.1", + "defaultGpuImageVersion": "v0.4.1-gpu" + }, + "triton": { + "image": "nvcr.io/nvidia/tritonserver", + "defaultImageVersion": "20.03-py3" + } + } + storageInitializer: |- + { + "image" : "gcr.io/kfserving/storage-initializer:v0.4.1", + "memoryRequest": "100Mi", + "memoryLimit": "1Gi", + "cpuRequest": "100m", + "cpuLimit": "1" + } + transformers: |- + { + } +kind: ConfigMap +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: inferenceservice-config + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml new file mode 100644 index 0000000000..60115c258f --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: |- + # Configuration file for the Jupyter UI. + # + # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' + # - The 'value' key contains the default value + # - The 'readOnly' key determines if the option will be available to users + # + # If the 'readOnly' key is present and set to 'true', the respective option + # will be disabled for users and only set by the admin. Also when a + # Notebook is POSTED to the API if a necessary field is not present then + # the value from the config will be used. + # + # If the 'readOnly' key is missing (defaults to 'false'), the respective option + # will be available for users to edit. + # + # Note that some values can be templated. Such values are the names of the + # Volumes as well as their StorageClass + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + # The list of available standard container Images + options: + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 + # By default, custom container Images are allowed + # Uncomment the following line to only enable standard container Images + readOnly: false + cpu: + # CPU for user's Notebook + value: '0.5' + readOnly: false + memory: + # Memory for user's Notebook + value: 1.0Gi + readOnly: false + workspaceVolume: + # Workspace Volume to be attached to user's Notebook + # Each Workspace Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + value: + type: + # The Type of the Workspace Volume + # Supported values: 'New', 'Existing' + value: New + name: + # The Name of the Workspace Volume + # Note that this is a templated value. Special values: + # {notebook-name}: Replaced with the name of the Notebook. The frontend + # will replace this value as the user types the name + value: 'workspace-{notebook-name}' + size: + # The Size of the Workspace Volume (in Gi) + value: '10Gi' + mountPath: + # The Path that the Workspace Volume will be mounted + value: /home/jovyan + accessModes: + # The Access Mode of the Workspace Volume + # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' + value: ReadWriteOnce + class: + # The StrageClass the PVC will use if type is New. Special values are: + # {none}: default StorageClass + # {empty}: empty string "" + value: '{none}' + readOnly: false + dataVolumes: + # List of additional Data Volumes to be attached to the user's Notebook + value: [] + # Each Data Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + # + # For example, a list with 2 Data Volumes: + # value: + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-1' + # size: + # value: '10Gi' + # class: + # value: standard + # mountPath: + # value: /home/jovyan/vol-1 + # accessModes: + # value: ReadWriteOnce + # class: + # value: {none} + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-2' + # size: + # value: '10Gi' + # mountPath: + # value: /home/jovyan/vol-2 + # accessModes: + # value: ReadWriteMany + # class: + # value: {none} + readOnly: false + gpus: + # Number of GPUs to be assigned to the Notebook Container + value: + # values: "none", "1", "2", "4", "8" + num: "none" + # Determines what the UI will show and send to the backend + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + # Values: "" or a `limits-key` from the vendors list + vendor: "" + readOnly: false + shm: + value: true + readOnly: false + configurations: + # List of labels to be selected, these are the labels from PodDefaults + # value: + # - add-gcp-secret + # - default-editor + value: [] + readOnly: false +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml new file mode 100644 index 0000000000..e089825a84 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + ROK_SECRET_NAME: secret-rok-{username} + UI: default + policy: Always + prefix: jupyter +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-parameters + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_katib-config.yaml new file mode 100644 index 0000000000..f5881bfb7c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -0,0 +1,66 @@ +apiVersion: v1 +data: + early-stopping: |- + { + "medianstop": { + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v1beta1-a96ff59", + "imagePullPolicy": "Always" + } + } + metrics-collector-sidecar: |- + { + "StdOut": { + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" + }, + "File": { + "image": "docker.io/kubeflowkatib/file-metrics-collector:v1beta1-a96ff59" + }, + "TensorFlowEvent": { + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v1beta1-a96ff59", + "resources": { + "limits": { + "memory": "1Gi" + } + } + } + } + suggestion: |- + { + "random": { + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" + }, + "grid": { + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v1beta1-a96ff59" + }, + "hyperband": { + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v1beta1-a96ff59" + }, + "bayesianoptimization": { + "image": "docker.io/kubeflowkatib/suggestion-skopt:v1beta1-a96ff59" + }, + "tpe": { + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v1beta1-a96ff59" + }, + "enas": { + "image": "docker.io/kubeflowkatib/suggestion-enas:v1beta1-a96ff59", + "imagePullPolicy": "Always", + "resources": { + "limits": { + "memory": "200Mi" + } + } + }, + "cmaes": { + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v1beta1-a96ff59" + }, + "darts": { + "image": "docker.io/kubeflowkatib/suggestion-darts:v1beta1-a96ff59" + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-config + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_kubeflow-config-bk4bc7m928.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_kubeflow-config-bk4bc7m928.yaml new file mode 100644 index 0000000000..2c4a11fcc5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_kubeflow-config-bk4bc7m928.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + cluster-name: "" + clusterDomain: cluster.local + istio-namespace: istio-system + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-bk4bc7m928 + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml new file mode 100644 index 0000000000..3aa74d8ac5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ALLOW_EMPTY_PASSWORD: "true" + MYSQL_DATABASE: metadb + MYSQL_PORT: "3306" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-db-parameters + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml new file mode 100644 index 0000000000..b8605cd7b7 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-grpc-configmap + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml new file mode 100644 index 0000000000..d6a0de88e5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-ui-parameters + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml new file mode 100644 index 0000000000..461638d1f8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "kubeflow-pipelines-viewer" + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui-configmap + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_mpi-operator-config.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_mpi-operator-config.yaml new file mode 100644 index 0000000000..ff54ae481a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_mpi-operator-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + kubectl-delivery-image: mpioperator/kubectl-delivery:latest + lock-namespace: kubeflow +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + name: mpi-operator-config + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml new file mode 100644 index 0000000000..ca0dc1ba50 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + ISTIO_GATEWAY: kubeflow/kubeflow-gateway + USE_ISTIO: "true" +kind: ConfigMap +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-notebook-controller-config-h4d668t5tb + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml new file mode 100644 index 0000000000..c2b0b0572c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + bucketName: mlpipeline + cacheDb: cachedb + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + pipelineDb: mlpipeline +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-install-config-2829cc67f8 + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-d7hkh24mdg.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-d7hkh24mdg.yaml new file mode 100644 index 0000000000..3aef75a62e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-d7hkh24mdg.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +data: + appName: pipeline + appVersion: 1.0.4 + bucketName: mlpipeline + cacheDb: cachedb + containerRuntimeExecutor: docker + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + pipelineDb: mlpipeline +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-upstream-install-config-d7hkh24mdg + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml new file mode 100644 index 0000000000..e77d6f69ed --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + admin: "" + gcp-sa: "" +kind: ConfigMap +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles-config-4mgcmtgk6t + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_spartakus-config.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_spartakus-config.yaml new file mode 100644 index 0000000000..8572b43906 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_spartakus-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + usageId: +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus-config + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_trial-template.yaml new file mode 100644 index 0000000000..260ea24d70 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -0,0 +1,77 @@ +apiVersion: v1 +data: + defaultTrialTemplate.yaml: |- + apiVersion: batch/v1 + kind: Job + spec: + template: + spec: + containers: + - name: training-container + image: docker.io/kubeflowkatib/mxnet-mnist:v1beta1-a96ff59 + command: + - "python3" + - "/opt/mxnet-mnist/mnist.py" + - "--batch-size=64" + - "--lr=${trialParameters.learningRate}" + - "--num-layers=${trialParameters.numberLayers}" + - "--optimizer=${trialParameters.optimizer}" + restartPolicy: Never + enasCPUTemplate: |- + apiVersion: batch/v1 + kind: Job + spec: + template: + spec: + containers: + - name: training-container + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v1beta1-a96ff59 + command: + - python3 + - -u + - RunTrial.py + - --num_epochs=1 + - "--architecture=\"${trialParameters.neuralNetworkArchitecture}\"" + - "--nn_config=\"${trialParameters.neuralNetworkConfig}\"" + restartPolicy: Never + pytorchJobTemplate: |- + apiVersion: "kubeflow.org/v1" + kind: PyTorchJob + spec: + pytorchReplicaSpecs: + Master: + replicas: 1 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + - "--lr=${trialParameters.learningRate}" + - "--momentum=${trialParameters.momentum}" + Worker: + replicas: 2 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + - "--lr=${trialParameters.learningRate}" + - "--momentum=${trialParameters.momentum}" +kind: ConfigMap +metadata: + labels: + app: katib-trial-templates + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: trial-template + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml new file mode 100644 index 0000000000..025357f80b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +data: + config: | + { + executorImage: argoproj/argoexec:v2.3.0, + containerRuntimeExecutor: pns, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.kubeflow:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-configmap + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml b/tests/stacks/azure/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml new file mode 100644 index 0000000000..a3eff61112 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +data: + artifactRepositoryAccessKeySecretKey: accesskey + artifactRepositoryAccessKeySecretName: mlpipeline-minio-artifact + artifactRepositoryBucket: mlpipeline + artifactRepositoryEndpoint: minio-service.kubeflow:9000 + artifactRepositoryInsecure: "true" + artifactRepositoryKeyPrefix: artifacts + artifactRepositorySecretKeySecretKey: secretkey + artifactRepositorySecretKeySecretName: mlpipeline-minio-artifact + clusterDomain: cluster.local + containerRuntimeExecutor: pns + executorImage: argoproj/argoexec:v2.3.0 + namespace: "" +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-parameters + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_namespace_knative-serving.yaml b/tests/stacks/azure/test_data/expected/~g_v1_namespace_knative-serving.yaml new file mode 100644 index 0000000000..8f1eb03c76 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_namespace_knative-serving.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: knative-serving diff --git a/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml b/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml new file mode 100644 index 0000000000..f07c332452 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml b/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml new file mode 100644 index 0000000000..d08a7d2475 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + kustomize.component: metadata + name: metadata-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml b/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml new file mode 100644 index 0000000000..0dd8344034 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml b/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml new file mode 100644 index 0000000000..bf0c560da5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/azure/test_data/expected/~g_v1_secret_istio-webhook-certs.yaml b/tests/stacks/azure/test_data/expected/~g_v1_secret_istio-webhook-certs.yaml new file mode 100644 index 0000000000..8c9537adbc --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_secret_istio-webhook-certs.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: istio-webhook-certs + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_secret_katib-controller.yaml b/tests/stacks/azure/test_data/expected/~g_v1_secret_katib-controller.yaml new file mode 100644 index 0000000000..debbabb435 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_secret_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml b/tests/stacks/azure/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml new file mode 100644 index 0000000000..8394d22cf8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/azure/test_data/expected/~g_v1_secret_kfserving-webhook-server-secret.yaml b/tests/stacks/azure/test_data/expected/~g_v1_secret_kfserving-webhook-server-secret.yaml new file mode 100644 index 0000000000..63dd5ee927 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_secret_kfserving-webhook-server-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: kfserving-webhook-server-secret + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml b/tests/stacks/azure/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml new file mode 100644 index 0000000000..918b7d1198 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== + MYSQL_USER_NAME: cm9vdA== +kind: Secret +metadata: + labels: + kustomize.component: metadata + name: metadata-db-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/azure/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml b/tests/stacks/azure/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml new file mode 100644 index 0000000000..2c774e447c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/azure/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml b/tests/stacks/azure/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml new file mode 100644 index 0000000000..3490a9d7f1 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + password: "" + username: cm9vdA== +kind: Secret +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: mysql-secret-fd5gktm75t + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/azure/test_data/expected/~g_v1_secret_webhook-certs.yaml b/tests/stacks/azure/test_data/expected/~g_v1_secret_webhook-certs.yaml new file mode 100644 index 0000000000..9a9bfb7678 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_secret_webhook-certs.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: webhook-certs + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_activator-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_activator-service.yaml new file mode 100644 index 0000000000..c82eee08ed --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_activator-service.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: activator + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: activator-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + targetPort: 8012 + - name: http2 + port: 81 + targetPort: 8013 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http-metrics + port: 9090 + targetPort: 9090 + selector: + app: activator + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_admission-webhook-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_admission-webhook-service.yaml new file mode 100644 index 0000000000..1636dc9520 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_admission-webhook-service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-service + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: 443 + selector: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_argo-ui.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_argo-ui.yaml new file mode 100644 index 0000000000..0e091e0898 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_argo-ui.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 8001 + selector: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + sessionAffinity: None + type: NodePort diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_autoscaler.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_autoscaler.yaml new file mode 100644 index 0000000000..55c5359f16 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_autoscaler.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: autoscaler + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: autoscaler + namespace: kubeflow +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: https-custom-metrics + port: 443 + targetPort: 8443 + selector: + app: autoscaler + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_cache-server.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_cache-server.yaml new file mode 100644 index 0000000000..ab6cf5124e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_cache-server.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: cache-server + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: webhook-api + selector: + app: cache-server + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_centraldashboard.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_centraldashboard.yaml new file mode 100644 index 0000000000..3f50af45e4 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_centraldashboard.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: centralui-mapping + prefix: / + rewrite: / + service: centraldashboard.$(namespace) + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 8082 + selector: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + sessionAffinity: None + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_controller.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_controller.yaml new file mode 100644 index 0000000000..ccf93895d0 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_controller.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: controller + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: controller + namespace: kubeflow +spec: + ports: + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http-metrics + port: 9090 + targetPort: 9090 + selector: + app: controller + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_istio-webhook.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_istio-webhook.yaml new file mode 100644 index 0000000000..8b9016b807 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_istio-webhook.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + role: istio-webhook + serving.knative.dev/release: v0.14.3 + name: istio-webhook + namespace: kubeflow +spec: + ports: + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app: istio-webhook + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml new file mode 100644 index 0000000000..098ea28b6d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: webapp_mapping + prefix: /jupyter/ + service: jupyter-web-app-service.$(namespace) + add_request_headers: + x-forwarded-prefix: /jupyter + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + run: jupyter-web-app + name: jupyter-web-app-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_katib-controller.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_katib-controller.yaml new file mode 100644 index 0000000000..59c34c7868 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_katib-controller.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scheme: http + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8443 + - name: metrics + port: 8080 + targetPort: 8080 + selector: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_katib-db-manager.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_katib-db-manager.yaml new file mode 100644 index 0000000000..ff2e1df9ab --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_katib-db-manager.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + ports: + - name: api + port: 6789 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_katib-mysql.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_katib-mysql.yaml new file mode 100644 index 0000000000..5b3c87b53e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_katib-mysql.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_katib-ui.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_katib-ui.yaml new file mode 100644 index 0000000000..399b6e1644 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_katib-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + ports: + - name: ui + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-controller-manager-metrics-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-controller-manager-metrics-service.yaml new file mode 100644 index 0000000000..2b1aa4879d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-controller-manager-metrics-service.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8443" + prometheus.io/scheme: https + prometheus.io/scrape: "true" + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + kustomize.component: kfserving + name: kfserving-controller-manager-metrics-service + namespace: kubeflow +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + kustomize.component: kfserving diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-controller-manager-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-controller-manager-service.yaml new file mode 100644 index 0000000000..4ecffcb0a5 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-controller-manager-service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + control-plane: kfserving-controller-manager + controller-tools.k8s.io: "1.0" + kustomize.component: kfserving + name: kfserving-controller-manager-service + namespace: kubeflow +spec: + ports: + - port: 443 + selector: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + control-plane: kfserving-controller-manager + controller-tools.k8s.io: "1.0" + kustomize.component: kfserving diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-webhook-server-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-webhook-server-service.yaml new file mode 100644 index 0000000000..045fcdcdb8 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_kfserving-webhook-server-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + kustomize.component: kfserving + name: kfserving-webhook-server-service + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + app: kfserving + app.kubernetes.io/component: kfserving + app.kubernetes.io/name: kfserving + control-plane: kfserving-controller-manager + kustomize.component: kfserving diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_metadata-db.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_metadata-db.yaml new file mode 100644 index 0000000000..eb77733c55 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_metadata-db.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + component: db + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_metadata-envoy-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_metadata-envoy-service.yaml new file mode 100644 index 0000000000..88f6246f90 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_metadata-envoy-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + component: envoy + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_metadata-grpc-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_metadata-grpc-service.yaml new file mode 100644 index 0000000000..a7f38d715b --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_metadata-grpc-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grpc-metadata + kustomize.component: metadata + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-backendapi + port: 8080 + protocol: TCP + selector: + component: grpc-server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_minio-service.yaml new file mode 100644 index 0000000000..c7f0acee21 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_minio-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-service + namespace: kubeflow +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..4b493f3119 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 3000 + selector: + app: ml-pipeline-ui + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..71a24c4ada --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline.yaml new file mode 100644 index 0000000000..4d23b20f01 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_ml-pipeline.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_mysql.yaml new file mode 100644 index 0000000000..da8f8cb93a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_mysql.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + protocol: TCP + targetPort: 3306 + selector: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_notebook-controller-service.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_notebook-controller-service.yaml new file mode 100644 index 0000000000..a9f1b4b8e0 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_notebook-controller-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service + namespace: kubeflow +spec: + ports: + - port: 443 + selector: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_profiles-kfam.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_profiles-kfam.yaml new file mode 100644 index 0000000000..db1f50bd7d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_profiles-kfam.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + ports: + - port: 8081 + selector: + kustomize.component: profiles diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_pytorch-operator.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_pytorch-operator.yaml new file mode 100644 index 0000000000..4114ea5f9f --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_pytorch-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_tf-job-operator.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_tf-job-operator.yaml new file mode 100644 index 0000000000..a13b8ac441 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_tf-job-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + type: ClusterIP diff --git a/tests/stacks/azure/test_data/expected/~g_v1_service_webhook.yaml b/tests/stacks/azure/test_data/expected/~g_v1_service_webhook.yaml new file mode 100644 index 0000000000..2a93c2e713 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_service_webhook.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + role: webhook + serving.knative.dev/release: v0.14.3 + name: webhook + namespace: kubeflow +spec: + ports: + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + role: webhook diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml new file mode 100644 index 0000000000..6f41ce954d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml new file mode 100644 index 0000000000..c58dd0a3d4 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_argo.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_argo.yaml new file mode 100644 index 0000000000..ad307ff2ca --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_argo.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml new file mode 100644 index 0000000000..55deba785d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_controller.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_controller.yaml new file mode 100644 index 0000000000..b4f0482c8a --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_controller.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install + kustomize.component: knative + serving.knative.dev/release: v0.14.3 + name: controller + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml new file mode 100644 index 0000000000..0c14927726 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml new file mode 100644 index 0000000000..bfbc7b770e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml new file mode 100644 index 0000000000..16c2b45417 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml new file mode 100644 index 0000000000..a985549ba3 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml new file mode 100644 index 0000000000..f7555f0f35 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml new file mode 100644 index 0000000000..b0bbf5da53 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-container-builder + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml new file mode 100644 index 0000000000..de94276552 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml new file mode 100644 index 0000000000..9521f5b74d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: kubeflow-pipelines-viewer + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..5bc5786177 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..4a157173bc --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..9318d09104 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml new file mode 100644 index 0000000000..ff0696597e --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..5c8e34b2a1 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml new file mode 100644 index 0000000000..b95a37213c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_mpi-operator.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_mpi-operator.yaml new file mode 100644 index 0000000000..dbe19ff814 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_mpi-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: mpi-operator + app.kubernetes.io/component: mpijob + app.kubernetes.io/name: mpi-operator + kustomize.component: mpi-operator + name: mpi-operator + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_mxnet-operator.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_mxnet-operator.yaml new file mode 100644 index 0000000000..668c2e0f1d --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_mxnet-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: mxnet-operator + app.kubernetes.io/component: mxnet + app.kubernetes.io/name: mxnet-operator + kustomize.component: mxnet-operator + name: mxnet-operator + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml new file mode 100644 index 0000000000..d34df92177 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml new file mode 100644 index 0000000000..13fb2a95dd --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: ml-pipeline + app.kubernetes.io/name: kubeflow-pipelines + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml new file mode 100644 index 0000000000..881ccbf1bd --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: profiles + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml new file mode 100644 index 0000000000..3d3555c2b1 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml new file mode 100644 index 0000000000..b089a63b4c --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatoroperator-sa + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml new file mode 100644 index 0000000000..eb83084001 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorspark + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spartakus.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spartakus.yaml new file mode 100644 index 0000000000..be719e7753 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_spartakus.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml new file mode 100644 index 0000000000..3e0982e277 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-dashboard + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-dashboard + namespace: kubeflow diff --git a/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml new file mode 100644 index 0000000000..f7bf874b73 --- /dev/null +++ b/tests/stacks/azure/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow From 0531563bf5c06fc45a2043c1313dd39b3710573b Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Fri, 13 Nov 2020 11:48:35 -0800 Subject: [PATCH 4/4] Add additional Azure test data --- .../test_data/expected/apps_v1_deployment_katib-mysql.yaml | 2 -- .../test_data/expected/apps_v1_deployment_metadata-db.yaml | 2 -- 2 files changed, 4 deletions(-) diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-mysql.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-mysql.yaml index e92ff7c8c4..c122ae873f 100644 --- a/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-mysql.yaml +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_katib-mysql.yaml @@ -16,8 +16,6 @@ spec: app.kubernetes.io/component: katib app.kubernetes.io/name: katib-controller component: mysql - strategy: - type: Recreate template: metadata: annotations: diff --git a/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-db.yaml b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-db.yaml index 749bc40837..44ad98e9d8 100644 --- a/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-db.yaml +++ b/tests/stacks/azure/test_data/expected/apps_v1_deployment_metadata-db.yaml @@ -12,8 +12,6 @@ spec: matchLabels: component: db kustomize.component: metadata - strategy: - type: Recreate template: metadata: annotations: