From b39cce88358da9aa1ac015078e435823e369a292 Mon Sep 17 00:00:00 2001
From: Shovan Maity <shovan.maity@harness.io>
Date: Thu, 4 Jul 2024 18:46:17 +0530
Subject: [PATCH 1/3] add network policy yamls

Signed-off-by: Shovan Maity <shovan.maity@harness.io>
---
 .../manifests/litmus-cluster-scope.yaml       | 456 ++++++++++++++++++
 .../manifests/litmus-namespaced-scope.yaml    |  42 ++
 .../manifests/litmus-without-resources.yaml   |  42 ++
 3 files changed, 540 insertions(+)
 create mode 100644 chaoscenter/manifests/litmus-cluster-scope.yaml

diff --git a/chaoscenter/manifests/litmus-cluster-scope.yaml b/chaoscenter/manifests/litmus-cluster-scope.yaml
new file mode 100644
index 00000000000..628412c0d11
--- /dev/null
+++ b/chaoscenter/manifests/litmus-cluster-scope.yaml
@@ -0,0 +1,456 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: litmus-server-cr
+rules:
+  - apiGroups: [networking.k8s.io, extensions]
+    resources: [ingresses]
+    verbs: [get]
+  - apiGroups: [""]
+    resources: [services, nodes, pods/log] # Will have to remove this for namespaced scope
+    verbs: [get, watch]
+  - apiGroups: [""] # To get TLS Cert from secrets incase of cluster scope
+    resources: [secrets]
+    verbs: [get]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: litmus-server-crb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: litmus-server-cr
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+## Control plane manifests
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: litmus
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: litmus-server-account
+  namespace: litmus
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: litmus-portal-admin-secret
+  namespace: litmus
+stringData:
+  JWT_SECRET: "litmus-portal@123"
+  DB_USER: "root"
+  DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: litmus-portal-admin-config
+  namespace: litmus
+data:
+  DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin
+  VERSION: "ci"
+  SKIP_SSL_VERIFY: "false"
+  # Configurations if you are using dex for OAuth
+  DEX_ENABLED: "false"
+  OIDC_ISSUER: "http://<Your Domain>:32000"
+  DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback"
+  DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
+  DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
+  OAuthJwtSecret: "litmus-oauth@123"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: litmusportal-frontend-nginx-configuration
+  namespace: litmus
+data:
+  nginx.conf: |
+    pid /tmp/nginx.pid;
+
+    events {
+      worker_connections  1024;
+    }
+
+    http {
+        map $http_upgrade $connection_upgrade {
+            default upgrade;
+            '' close;
+        }
+
+        client_body_temp_path /tmp/client_temp;
+        proxy_temp_path       /tmp/proxy_temp_path;
+        fastcgi_temp_path     /tmp/fastcgi_temp;
+        uwsgi_temp_path       /tmp/uwsgi_temp;
+        scgi_temp_path        /tmp/scgi_temp;
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 65;
+        types_hash_max_size 2048;
+        server_tokens off;
+
+        include /etc/nginx/mime.types;
+
+        gzip on;
+        gzip_disable "msie6";
+
+        access_log /var/log/nginx/access.log;
+        error_log /var/log/nginx/error.log;
+
+        server {
+            listen 8185 default_server;
+            root   /opt/chaos;
+
+            location /health {
+              return 200;
+            }
+
+            location / {
+                proxy_http_version 1.1;
+                add_header Cache-Control "no-cache";
+                try_files $uri /index.html;
+                autoindex on;
+            }
+
+            # redirect server error pages to the static page /50x.html
+            #
+            error_page   500 502 503 504  /50x.html;
+            location = /50x.html {
+                root   /usr/share/nginx/html;
+            }
+
+            location /auth/ {
+                proxy_http_version 1.1;
+                proxy_set_header   Host                 $host;
+                proxy_set_header   X-Real-IP            $remote_addr;
+                proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+                proxy_set_header   X-Forwarded-Proto    $scheme;
+                proxy_pass "http://litmusportal-auth-server-service:9003/";
+            }
+
+            location /api/ {
+                proxy_http_version 1.1;
+                proxy_set_header   Upgrade              $http_upgrade;
+                proxy_set_header   Connection           $connection_upgrade;
+                proxy_set_header   Host                 $host;
+                proxy_set_header   X-Real-IP            $remote_addr;
+                proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+                proxy_set_header   X-Forwarded-Proto    $scheme;
+                proxy_pass "http://litmusportal-server-service:9002/";
+            }
+        }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-frontend
+  namespace: litmus
+  labels:
+    component: litmusportal-frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-frontend
+  template:
+    metadata:
+      labels:
+        component: litmusportal-frontend
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: litmusportal-frontend
+          image: litmuschaos/litmusportal-frontend:ci
+          imagePullPolicy: Always
+          # securityContext:
+          #   runAsUser: 2000
+          #   allowPrivilegeEscalation: false
+          #   runAsNonRoot: true
+          ports:
+            - containerPort: 8185
+          resources:
+            requests:
+              memory: "150Mi"
+              cpu: "125m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "512Mi"
+              cpu: "550m"
+              ephemeral-storage: "1Gi"
+          volumeMounts:
+            - name: nginx-config
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
+      volumes:
+        - name: nginx-config
+          configMap:
+            name: litmusportal-frontend-nginx-configuration
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-frontend-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      port: 9091
+      targetPort: 8185
+  selector:
+    component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-server
+  namespace: litmus
+  labels:
+    component: litmusportal-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-server
+  template:
+    metadata:
+      labels:
+        component: litmusportal-server
+    spec:
+      volumes:
+        - name: gitops-storage
+          emptyDir: {}
+        - name: hub-storage
+          emptyDir: {}
+      containers:
+        - name: graphql-server
+          image: litmuschaos/litmusportal-server:ci
+          volumeMounts:
+            - mountPath: /tmp/
+              name: gitops-storage
+            - mountPath: /tmp/version
+              name: hub-storage
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+          envFrom:
+            - configMapRef:
+                name: litmus-portal-admin-config
+            - secretRef:
+                name: litmus-portal-admin-secret
+          env:
+            # if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication
+            - name: TLS_SECRET_NAME
+              value: ""
+            - name: LITMUS_PORTAL_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: CHAOS_CENTER_SCOPE
+              value: "cluster"
+            - name: ENABLE_GQL_INTROSPECTION
+              value: "false"
+            - name: SUBSCRIBER_IMAGE
+              value: "litmuschaos/litmusportal-subscriber:ci"
+            - name: EVENT_TRACKER_IMAGE
+              value: "litmuschaos/litmusportal-event-tracker:ci"
+            - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+              value: "litmuschaos/workflow-controller:v3.3.1"
+            - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+              value: "litmuschaos/argoexec:v3.3.1"
+            - name: LITMUS_CHAOS_OPERATOR_IMAGE
+              value: "litmuschaos/chaos-operator:ci"
+            - name: LITMUS_CHAOS_RUNNER_IMAGE
+              value: "litmuschaos/chaos-runner:ci"
+            - name: LITMUS_CHAOS_EXPORTER_IMAGE
+              value: "litmuschaos/chaos-exporter:ci"
+            - name: SERVER_SERVICE_NAME
+              value: "litmusportal-server-service"
+            - name: INFRA_DEPLOYMENTS
+              value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]'
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: CHAOS_CENTER_UI_ENDPOINT
+              value: ""
+            - name: INGRESS
+              value: "false"
+            - name: INGRESS_NAME
+              value: "litmus-ingress"
+            - name: CONTAINER_RUNTIME_EXECUTOR
+              value: "k8sapi"
+            - name: DEFAULT_HUB_BRANCH_NAME
+              value: "master"
+            - name: LITMUS_AUTH_GRPC_ENDPOINT
+              value: "litmusportal-auth-server-service"
+            - name: LITMUS_AUTH_GRPC_PORT
+              value: ":3030"
+            - name: WORKFLOW_HELPER_IMAGE_VERSION
+              value: "3.7.0"
+            - name: REMOTE_HUB_MAX_SIZE
+              value: "5000000"
+            - name: INFRA_COMPATIBLE_VERSIONS
+              value: '["ci"]'
+            - name: ALLOWED_ORIGINS
+              value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?
+          ports:
+            - containerPort: 8080
+            - containerPort: 8000
+          imagePullPolicy: Always
+          resources:
+            requests:
+              memory: "250Mi"
+              cpu: "225m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "712Mi"
+              cpu: "550m"
+              ephemeral-storage: "1Gi"
+      serviceAccountName: litmus-server-account
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: litmusportal-server
+  namespace: litmus
+  labels:
+    component: litmusportal-server
+spec:
+  policyTypes:
+  - Ingress
+  podSelector:
+    matchLabels:
+      component: litmusportal-server
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          component: litmusportal-frontend
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-server-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: graphql-server
+      port: 9002
+      targetPort: 8080
+    - name: graphql-rpc-server
+      port: 8000
+      targetPort: 8000
+  selector:
+    component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-auth-server
+  namespace: litmus
+  labels:
+    component: litmusportal-auth-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-auth-server
+  template:
+    metadata:
+      labels:
+        component: litmusportal-auth-server
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: auth-server
+          image: litmuschaos/litmusportal-auth-server:ci
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+          envFrom:
+            - configMapRef:
+                name: litmus-portal-admin-config
+            - secretRef:
+                name: litmus-portal-admin-secret
+          env:
+            - name: STRICT_PASSWORD_POLICY
+              value: "false"
+            - name: ADMIN_USERNAME
+              value: "admin"
+            - name: ADMIN_PASSWORD
+              value: "litmus"
+            - name: LITMUS_GQL_GRPC_ENDPOINT
+              value: "litmusportal-server-service"
+            - name: LITMUS_GQL_GRPC_PORT
+              value: ":8000"
+            - name: ALLOWED_ORIGINS
+              value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-auth-server-service(:[0-9]+|)?
+          resources:
+            requests:
+              memory: "250Mi"
+              cpu: "225m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "712Mi"
+              cpu: "550m"
+              ephemeral-storage: "1Gi"
+          ports:
+            - containerPort: 3000
+            - containerPort: 3030
+          imagePullPolicy: Always
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: litmusportal-auth-server
+  namespace: litmus
+  labels:
+    component: litmusportal-auth-server
+spec:
+  policyTypes:
+  - Ingress
+  podSelector:
+    matchLabels:
+      component: litmusportal-auth-server
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          component: litmusportal-frontend
+  - from:
+    - podSelector:
+        matchLabels:
+          component: litmusportal-server
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-auth-server-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: auth-server
+      port: 9003
+      targetPort: 3000
+    - name: auth-rpc-server
+      port: 3030
+      targetPort: 3030
+  selector:
+    component: litmusportal-auth-server
diff --git a/chaoscenter/manifests/litmus-namespaced-scope.yaml b/chaoscenter/manifests/litmus-namespaced-scope.yaml
index 0edbe9827d8..ce9d4edc9a7 100644
--- a/chaoscenter/manifests/litmus-namespaced-scope.yaml
+++ b/chaoscenter/manifests/litmus-namespaced-scope.yaml
@@ -273,6 +273,25 @@ spec:
               cpu: "550m"
               ephemeral-storage: "1Gi"
 ---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: litmusportal-server
+  namespace: litmus
+  labels:
+    component: litmusportal-server
+spec:
+  policyTypes:
+  - Ingress
+  podSelector:
+    matchLabels:
+      component: litmusportal-server
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          component: litmusportal-frontend
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -362,6 +381,29 @@ spec:
               cpu: "550m"
               ephemeral-storage: "1Gi"
 ---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: litmusportal-auth-server
+  namespace: litmus
+  labels:
+    component: litmusportal-auth-server
+spec:
+  policyTypes:
+  - Ingress
+  podSelector:
+    matchLabels:
+      component: litmusportal-auth-server
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          component: litmusportal-frontend
+  - from:
+    - podSelector:
+        matchLabels:
+          component: litmusportal-server
+---
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/chaoscenter/manifests/litmus-without-resources.yaml b/chaoscenter/manifests/litmus-without-resources.yaml
index 075b4d239c4..1c8c6fc6fe4 100644
--- a/chaoscenter/manifests/litmus-without-resources.yaml
+++ b/chaoscenter/manifests/litmus-without-resources.yaml
@@ -248,6 +248,25 @@ spec:
             - containerPort: 8001
           imagePullPolicy: Always
 ---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: litmusportal-server
+  namespace: litmus
+  labels:
+    component: litmusportal-server
+spec:
+  policyTypes:
+  - Ingress
+  podSelector:
+    matchLabels:
+      component: litmusportal-server
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          component: litmusportal-frontend
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -328,6 +347,29 @@ spec:
             - containerPort: 3031
           imagePullPolicy: Always
 ---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: litmusportal-auth-server
+  namespace: litmus
+  labels:
+    component: litmusportal-auth-server
+spec:
+  policyTypes:
+  - Ingress
+  podSelector:
+    matchLabels:
+      component: litmusportal-auth-server
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          component: litmusportal-frontend
+  - from:
+    - podSelector:
+        matchLabels:
+          component: litmusportal-server
+---
 apiVersion: v1
 kind: Service
 metadata:

From 3a357e8a137f29255f90ae04c5e84aa5b394f13d Mon Sep 17 00:00:00 2001
From: Shovan Maity <shovan.maity@harness.io>
Date: Mon, 8 Jul 2024 16:55:58 +0530
Subject: [PATCH 2/3] remove litmus-cluster-scope.yaml

Signed-off-by: Shovan Maity <shovan.maity@harness.io>
---
 .../manifests/litmus-cluster-scope.yaml       | 456 ------------------
 1 file changed, 456 deletions(-)
 delete mode 100644 chaoscenter/manifests/litmus-cluster-scope.yaml

diff --git a/chaoscenter/manifests/litmus-cluster-scope.yaml b/chaoscenter/manifests/litmus-cluster-scope.yaml
deleted file mode 100644
index 628412c0d11..00000000000
--- a/chaoscenter/manifests/litmus-cluster-scope.yaml
+++ /dev/null
@@ -1,456 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: litmus-server-cr
-rules:
-  - apiGroups: [networking.k8s.io, extensions]
-    resources: [ingresses]
-    verbs: [get]
-  - apiGroups: [""]
-    resources: [services, nodes, pods/log] # Will have to remove this for namespaced scope
-    verbs: [get, watch]
-  - apiGroups: [""] # To get TLS Cert from secrets incase of cluster scope
-    resources: [secrets]
-    verbs: [get]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: litmus-server-crb
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: litmus-server-cr
-subjects:
-  - kind: ServiceAccount
-    name: litmus-server-account
-    namespace: litmus
-## Control plane manifests
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: litmus
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: litmus-server-account
-  namespace: litmus
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: litmus-portal-admin-secret
-  namespace: litmus
-stringData:
-  JWT_SECRET: "litmus-portal@123"
-  DB_USER: "root"
-  DB_PASSWORD: "1234"
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: litmus-portal-admin-config
-  namespace: litmus
-data:
-  DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin
-  VERSION: "ci"
-  SKIP_SSL_VERIFY: "false"
-  # Configurations if you are using dex for OAuth
-  DEX_ENABLED: "false"
-  OIDC_ISSUER: "http://<Your Domain>:32000"
-  DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback"
-  DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
-  DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
-  OAuthJwtSecret: "litmus-oauth@123"
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: litmusportal-frontend-nginx-configuration
-  namespace: litmus
-data:
-  nginx.conf: |
-    pid /tmp/nginx.pid;
-
-    events {
-      worker_connections  1024;
-    }
-
-    http {
-        map $http_upgrade $connection_upgrade {
-            default upgrade;
-            '' close;
-        }
-
-        client_body_temp_path /tmp/client_temp;
-        proxy_temp_path       /tmp/proxy_temp_path;
-        fastcgi_temp_path     /tmp/fastcgi_temp;
-        uwsgi_temp_path       /tmp/uwsgi_temp;
-        scgi_temp_path        /tmp/scgi_temp;
-
-        sendfile on;
-        tcp_nopush on;
-        tcp_nodelay on;
-        keepalive_timeout 65;
-        types_hash_max_size 2048;
-        server_tokens off;
-
-        include /etc/nginx/mime.types;
-
-        gzip on;
-        gzip_disable "msie6";
-
-        access_log /var/log/nginx/access.log;
-        error_log /var/log/nginx/error.log;
-
-        server {
-            listen 8185 default_server;
-            root   /opt/chaos;
-
-            location /health {
-              return 200;
-            }
-
-            location / {
-                proxy_http_version 1.1;
-                add_header Cache-Control "no-cache";
-                try_files $uri /index.html;
-                autoindex on;
-            }
-
-            # redirect server error pages to the static page /50x.html
-            #
-            error_page   500 502 503 504  /50x.html;
-            location = /50x.html {
-                root   /usr/share/nginx/html;
-            }
-
-            location /auth/ {
-                proxy_http_version 1.1;
-                proxy_set_header   Host                 $host;
-                proxy_set_header   X-Real-IP            $remote_addr;
-                proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
-                proxy_set_header   X-Forwarded-Proto    $scheme;
-                proxy_pass "http://litmusportal-auth-server-service:9003/";
-            }
-
-            location /api/ {
-                proxy_http_version 1.1;
-                proxy_set_header   Upgrade              $http_upgrade;
-                proxy_set_header   Connection           $connection_upgrade;
-                proxy_set_header   Host                 $host;
-                proxy_set_header   X-Real-IP            $remote_addr;
-                proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
-                proxy_set_header   X-Forwarded-Proto    $scheme;
-                proxy_pass "http://litmusportal-server-service:9002/";
-            }
-        }
-    }
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: litmusportal-frontend
-  namespace: litmus
-  labels:
-    component: litmusportal-frontend
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      component: litmusportal-frontend
-  template:
-    metadata:
-      labels:
-        component: litmusportal-frontend
-    spec:
-      automountServiceAccountToken: false
-      containers:
-        - name: litmusportal-frontend
-          image: litmuschaos/litmusportal-frontend:ci
-          imagePullPolicy: Always
-          # securityContext:
-          #   runAsUser: 2000
-          #   allowPrivilegeEscalation: false
-          #   runAsNonRoot: true
-          ports:
-            - containerPort: 8185
-          resources:
-            requests:
-              memory: "150Mi"
-              cpu: "125m"
-              ephemeral-storage: "500Mi"
-            limits:
-              memory: "512Mi"
-              cpu: "550m"
-              ephemeral-storage: "1Gi"
-          volumeMounts:
-            - name: nginx-config
-              mountPath: /etc/nginx/nginx.conf
-              subPath: nginx.conf
-      volumes:
-        - name: nginx-config
-          configMap:
-            name: litmusportal-frontend-nginx-configuration
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: litmusportal-frontend-service
-  namespace: litmus
-spec:
-  type: NodePort
-  ports:
-    - name: http
-      port: 9091
-      targetPort: 8185
-  selector:
-    component: litmusportal-frontend
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: litmusportal-server
-  namespace: litmus
-  labels:
-    component: litmusportal-server
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      component: litmusportal-server
-  template:
-    metadata:
-      labels:
-        component: litmusportal-server
-    spec:
-      volumes:
-        - name: gitops-storage
-          emptyDir: {}
-        - name: hub-storage
-          emptyDir: {}
-      containers:
-        - name: graphql-server
-          image: litmuschaos/litmusportal-server:ci
-          volumeMounts:
-            - mountPath: /tmp/
-              name: gitops-storage
-            - mountPath: /tmp/version
-              name: hub-storage
-          securityContext:
-            runAsUser: 2000
-            allowPrivilegeEscalation: false
-            runAsNonRoot: true
-            readOnlyRootFilesystem: true
-          envFrom:
-            - configMapRef:
-                name: litmus-portal-admin-config
-            - secretRef:
-                name: litmus-portal-admin-secret
-          env:
-            # if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication
-            - name: TLS_SECRET_NAME
-              value: ""
-            - name: LITMUS_PORTAL_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: CHAOS_CENTER_SCOPE
-              value: "cluster"
-            - name: ENABLE_GQL_INTROSPECTION
-              value: "false"
-            - name: SUBSCRIBER_IMAGE
-              value: "litmuschaos/litmusportal-subscriber:ci"
-            - name: EVENT_TRACKER_IMAGE
-              value: "litmuschaos/litmusportal-event-tracker:ci"
-            - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
-              value: "litmuschaos/workflow-controller:v3.3.1"
-            - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
-              value: "litmuschaos/argoexec:v3.3.1"
-            - name: LITMUS_CHAOS_OPERATOR_IMAGE
-              value: "litmuschaos/chaos-operator:ci"
-            - name: LITMUS_CHAOS_RUNNER_IMAGE
-              value: "litmuschaos/chaos-runner:ci"
-            - name: LITMUS_CHAOS_EXPORTER_IMAGE
-              value: "litmuschaos/chaos-exporter:ci"
-            - name: SERVER_SERVICE_NAME
-              value: "litmusportal-server-service"
-            - name: INFRA_DEPLOYMENTS
-              value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]'
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: CHAOS_CENTER_UI_ENDPOINT
-              value: ""
-            - name: INGRESS
-              value: "false"
-            - name: INGRESS_NAME
-              value: "litmus-ingress"
-            - name: CONTAINER_RUNTIME_EXECUTOR
-              value: "k8sapi"
-            - name: DEFAULT_HUB_BRANCH_NAME
-              value: "master"
-            - name: LITMUS_AUTH_GRPC_ENDPOINT
-              value: "litmusportal-auth-server-service"
-            - name: LITMUS_AUTH_GRPC_PORT
-              value: ":3030"
-            - name: WORKFLOW_HELPER_IMAGE_VERSION
-              value: "3.7.0"
-            - name: REMOTE_HUB_MAX_SIZE
-              value: "5000000"
-            - name: INFRA_COMPATIBLE_VERSIONS
-              value: '["ci"]'
-            - name: ALLOWED_ORIGINS
-              value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?
-          ports:
-            - containerPort: 8080
-            - containerPort: 8000
-          imagePullPolicy: Always
-          resources:
-            requests:
-              memory: "250Mi"
-              cpu: "225m"
-              ephemeral-storage: "500Mi"
-            limits:
-              memory: "712Mi"
-              cpu: "550m"
-              ephemeral-storage: "1Gi"
-      serviceAccountName: litmus-server-account
----
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
-  name: litmusportal-server
-  namespace: litmus
-  labels:
-    component: litmusportal-server
-spec:
-  policyTypes:
-  - Ingress
-  podSelector:
-    matchLabels:
-      component: litmusportal-server
-  ingress:
-  - from:
-    - podSelector:
-        matchLabels:
-          component: litmusportal-frontend
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: litmusportal-server-service
-  namespace: litmus
-spec:
-  type: NodePort
-  ports:
-    - name: graphql-server
-      port: 9002
-      targetPort: 8080
-    - name: graphql-rpc-server
-      port: 8000
-      targetPort: 8000
-  selector:
-    component: litmusportal-server
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: litmusportal-auth-server
-  namespace: litmus
-  labels:
-    component: litmusportal-auth-server
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      component: litmusportal-auth-server
-  template:
-    metadata:
-      labels:
-        component: litmusportal-auth-server
-    spec:
-      automountServiceAccountToken: false
-      containers:
-        - name: auth-server
-          image: litmuschaos/litmusportal-auth-server:ci
-          securityContext:
-            runAsUser: 2000
-            allowPrivilegeEscalation: false
-            runAsNonRoot: true
-            readOnlyRootFilesystem: true
-          envFrom:
-            - configMapRef:
-                name: litmus-portal-admin-config
-            - secretRef:
-                name: litmus-portal-admin-secret
-          env:
-            - name: STRICT_PASSWORD_POLICY
-              value: "false"
-            - name: ADMIN_USERNAME
-              value: "admin"
-            - name: ADMIN_PASSWORD
-              value: "litmus"
-            - name: LITMUS_GQL_GRPC_ENDPOINT
-              value: "litmusportal-server-service"
-            - name: LITMUS_GQL_GRPC_PORT
-              value: ":8000"
-            - name: ALLOWED_ORIGINS
-              value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-auth-server-service(:[0-9]+|)?
-          resources:
-            requests:
-              memory: "250Mi"
-              cpu: "225m"
-              ephemeral-storage: "500Mi"
-            limits:
-              memory: "712Mi"
-              cpu: "550m"
-              ephemeral-storage: "1Gi"
-          ports:
-            - containerPort: 3000
-            - containerPort: 3030
-          imagePullPolicy: Always
----
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
-  name: litmusportal-auth-server
-  namespace: litmus
-  labels:
-    component: litmusportal-auth-server
-spec:
-  policyTypes:
-  - Ingress
-  podSelector:
-    matchLabels:
-      component: litmusportal-auth-server
-  ingress:
-  - from:
-    - podSelector:
-        matchLabels:
-          component: litmusportal-frontend
-  - from:
-    - podSelector:
-        matchLabels:
-          component: litmusportal-server
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: litmusportal-auth-server-service
-  namespace: litmus
-spec:
-  type: NodePort
-  ports:
-    - name: auth-server
-      port: 9003
-      targetPort: 3000
-    - name: auth-rpc-server
-      port: 3030
-      targetPort: 3030
-  selector:
-    component: litmusportal-auth-server

From 9d2eac94eced2a94ba3dacdd1e7e3df5c63e9d86 Mon Sep 17 00:00:00 2001
From: Shovan Maity <shovan.maity@harness.io>
Date: Mon, 8 Jul 2024 17:05:09 +0530
Subject: [PATCH 3/3] rename litmus-namespaced-scope.yaml ->
 litmus-installation.yaml

Signed-off-by: Shovan Maity <shovan.maity@harness.io>
---
 .../{litmus-namespaced-scope.yaml => litmus-installation.yaml}    | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename chaoscenter/manifests/{litmus-namespaced-scope.yaml => litmus-installation.yaml} (100%)

diff --git a/chaoscenter/manifests/litmus-namespaced-scope.yaml b/chaoscenter/manifests/litmus-installation.yaml
similarity index 100%
rename from chaoscenter/manifests/litmus-namespaced-scope.yaml
rename to chaoscenter/manifests/litmus-installation.yaml