From 4c922778edbc598751f09ace618bd9ad0a15116c Mon Sep 17 00:00:00 2001 
From: Josh Thornton Date: Fri, 17 Jun 2022 11:06:52 -0400 Subject: [PATCH] make prepare --- .../speedscale-operator/charts/.helmignore | 23 ++ .../speedscale-operator/charts/Chart.yaml | 26 ++ packages/speedscale-operator/charts/LICENSE | 201 +++++++++++++ packages/speedscale-operator/charts/README.md | 130 +++++++++ .../speedscale-operator/charts/app-readme.md | 130 +++++++++ .../speedscale-operator/charts/questions.yaml | 9 + .../charts/templates/admission.yaml | 127 ++++++++ .../charts/templates/configmap.yaml | 24 ++ .../charts/templates/crds/trafficreplays.yaml | 273 ++++++++++++++++++ .../charts/templates/deployments.yaml | 114 ++++++++ .../charts/templates/hooks.yaml | 103 +++++++ .../charts/templates/rbac.yaml | 192 ++++++++++++ .../charts/templates/secrets.yaml | 21 ++ .../charts/templates/services.yaml | 20 ++ .../charts/templates/tls.yaml | 25 ++ .../speedscale-operator/charts/values.yaml | 35 +++ packages/speedscale-operator/package.yaml | 2 +- 17 files changed, 1454 insertions(+), 1 deletion(-) create mode 100644 packages/speedscale-operator/charts/.helmignore create mode 100644 packages/speedscale-operator/charts/Chart.yaml create mode 100644 packages/speedscale-operator/charts/LICENSE create mode 100644 packages/speedscale-operator/charts/README.md create mode 100644 packages/speedscale-operator/charts/app-readme.md create mode 100644 packages/speedscale-operator/charts/questions.yaml create mode 100644 packages/speedscale-operator/charts/templates/admission.yaml create mode 100644 packages/speedscale-operator/charts/templates/configmap.yaml create mode 100644 packages/speedscale-operator/charts/templates/crds/trafficreplays.yaml create mode 100644 packages/speedscale-operator/charts/templates/deployments.yaml create mode 100644 packages/speedscale-operator/charts/templates/hooks.yaml create mode 100644 packages/speedscale-operator/charts/templates/rbac.yaml create mode 100644 packages/speedscale-operator/charts/templates/secrets.yaml create mode 
100644 packages/speedscale-operator/charts/templates/services.yaml create mode 100644 packages/speedscale-operator/charts/templates/tls.yaml create mode 100644 packages/speedscale-operator/charts/values.yaml diff --git a/packages/speedscale-operator/charts/.helmignore b/packages/speedscale-operator/charts/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/packages/speedscale-operator/charts/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packages/speedscale-operator/charts/Chart.yaml b/packages/speedscale-operator/charts/Chart.yaml new file mode 100644 index 000000000..f357c028d --- /dev/null +++ b/packages/speedscale-operator/charts/Chart.yaml @@ -0,0 +1,26 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/release-name: speedscale-operator +apiVersion: v1 +appVersion: 1.0.29 +description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. +home: https://speedscale.com +icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png +keywords: +- speedscale +- test +- testing +- regression +- reliability +- load +- replay +- network +- traffic +kubeVersion: '>= 1.17.0-0' +maintainers: +- email: support@speedscale.com + name: Speedscale Support +name: speedscale-operator +version: 1.0.3 diff --git a/packages/speedscale-operator/charts/LICENSE b/packages/speedscale-operator/charts/LICENSE new file mode 100644 index 000000000..b78723d62 --- /dev/null +++ b/packages/speedscale-operator/charts/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2021 Speedscale + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packages/speedscale-operator/charts/README.md b/packages/speedscale-operator/charts/README.md new file mode 100644 index 000000000..c8d27ddcf --- /dev/null +++ b/packages/speedscale-operator/charts/README.md 
@@ -0,0 +1,130 @@ +# Speedscale Operator + +The [Speedscale](https://www.speedscale.com) Operator is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) +that watches for deployments to be applied to the cluster and takes action based on annotations. The operator +can inject a proxy to capture traffic into or out of applications, or setup an isolation test environment around +a deployment for testing. The operator itself is a deployment that will be always present on the cluster once +the helm chart is installed. + +## Prerequisites + +- Kubernetes 1.16+ +- Helm 3+ +- Appropriate [network and firewall configuration](http://docs.speedscale.com/reference/networking) for Speedscale cloud and webhook traffic + +## Get Repo Info + +```bash +helm repo add speedscale https://speedscale.github.io/operator-helm/ +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +An API key is required. Sign up for a [free Speedscale trial](https://speedscale.com/free-trial/) if you do not have one. + +```bash +helm install speedscale-operator speedscale/speedscale-operator \ + -n speedscale \ + --create-namespace \ + --set apiKey= \ + --set clusterName= +``` + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +### Pre-install job failure + +We use pre-install job to check provided API key and provision some of the required resources. 
+ +If the job failed during the installation, you'll see the following error during install: + +``` +Error: INSTALLATION FAILED: failed pre-install: job failed: BackoffLimitExceeded +``` + +You can inspect the logs using this command: + +```bash +kubectl -n speedscale logs job/speedscale-operator-pre-install +``` + +After fixing the error, uninstall the helm release, delete the failed job +and try installing again: + +```bash +helm -n speedscale uninstall speedscale-operator +kubectl -n speedscale delete job speedscale-operator-pre-install +``` + +## Uninstall Chart + +```bash +helm -n speedscale uninstall speedscale-operator +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +CRDs created by this chart are not removed by default and should be manually cleaned up: + +```bash +kubectl delete crd trafficreplays.speedscale.com +``` + +## Upgrading Chart + +```bash +helm repo update +helm -n speedscale upgrade speedscale-operator speedscale/speedscale-operator +``` + +With Helm v3, CRDs created by this chart are not updated by default +and should be manually updated. +Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading an existing Release to a new version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. 
+ +### Upgrade to 1.0.3 + +BEFORE UPGRADE: + +```bash +kubectl -n speedscale delete secret speedscale-gcrcreds speedscale-apikey +kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io speedscale-operator +kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io speedscale-operator +``` + +```bash +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.0.3/templates/crds/trafficreplays.yaml +``` + +### Upgrade to 1.0.0 + +```bash +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.0.0/templates/crds/trafficreplays.yaml +``` + +### Upgrade to 0.12.3 + +```bash +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/0.12.3/templates/crds/trafficreplays.yaml +``` + +### From version below 0.12.0 to 0.12.x +This upgrades speedscale-operator to v0.12.x. + +Uninstall the previous release and install the chart from scratch. + +## Help + +Speedscale docs information available at [docs.speedscale.com](https://docs.speedscale.com) or join us +on the [Speedscale community Slack](https://join.slack.com/t/speedscalecommunity/shared_invite/zt-x5rcrzn4-XHG1QqcHNXIM~4yozRrz8A)! diff --git a/packages/speedscale-operator/charts/app-readme.md b/packages/speedscale-operator/charts/app-readme.md new file mode 100644 index 000000000..c8d27ddcf --- /dev/null +++ b/packages/speedscale-operator/charts/app-readme.md 
@@ -0,0 +1,130 @@ +# Speedscale Operator + +The [Speedscale](https://www.speedscale.com) Operator is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) +that watches for deployments to be applied to the cluster and takes action based on annotations. The operator +can inject a proxy to capture traffic into or out of applications, or setup an isolation test environment around +a deployment for testing. The operator itself is a deployment that will be always present on the cluster once +the helm chart is installed. + +## Prerequisites + +- Kubernetes 1.16+ +- Helm 3+ +- Appropriate [network and firewall configuration](http://docs.speedscale.com/reference/networking) for Speedscale cloud and webhook traffic + +## Get Repo Info + +```bash +helm repo add speedscale https://speedscale.github.io/operator-helm/ +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +An API key is required. Sign up for a [free Speedscale trial](https://speedscale.com/free-trial/) if you do not have one. + +```bash +helm install speedscale-operator speedscale/speedscale-operator \ + -n speedscale \ + --create-namespace \ + --set apiKey= \ + --set clusterName= +``` + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +### Pre-install job failure + +We use pre-install job to check provided API key and provision some of the required resources. 
+ +If the job failed during the installation, you'll see the following error during install: + +``` +Error: INSTALLATION FAILED: failed pre-install: job failed: BackoffLimitExceeded +``` + +You can inspect the logs using this command: + +```bash +kubectl -n speedscale logs job/speedscale-operator-pre-install +``` + +After fixing the error, uninstall the helm release, delete the failed job +and try installing again: + +```bash +helm -n speedscale uninstall speedscale-operator +kubectl -n speedscale delete job speedscale-operator-pre-install +``` + +## Uninstall Chart + +```bash +helm -n speedscale uninstall speedscale-operator +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +CRDs created by this chart are not removed by default and should be manually cleaned up: + +```bash +kubectl delete crd trafficreplays.speedscale.com +``` + +## Upgrading Chart + +```bash +helm repo update +helm -n speedscale upgrade speedscale-operator speedscale/speedscale-operator +``` + +With Helm v3, CRDs created by this chart are not updated by default +and should be manually updated. +Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading an existing Release to a new version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. 
+
+### Upgrade to 1.0.3
+
+BEFORE UPGRADE:
+
+```bash
+kubectl -n speedscale delete secret speedscale-gcrcreds speedscale-apikey
+kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io speedscale-operator
+kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io speedscale-operator
+```
+
+```bash
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.0.3/templates/crds/trafficreplays.yaml
+```
+
+### Upgrade to 1.0.0
+
+```bash
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.0.0/templates/crds/trafficreplays.yaml
+```
+
+### Upgrade to 0.12.3
+
+```bash
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/0.12.3/templates/crds/trafficreplays.yaml
+```
+
+### From version below 0.12.0 to 0.12.x
+This upgrades speedscale-operator to v0.12.x.
+
+Uninstall the previous release and install the chart from scratch.
+
+## Help
+
+Speedscale docs information available at [docs.speedscale.com](https://docs.speedscale.com) or join us
+on the [Speedscale community Slack](https://join.slack.com/t/speedscalecommunity/shared_invite/zt-x5rcrzn4-XHG1QqcHNXIM~4yozRrz8A)!
diff --git a/packages/speedscale-operator/charts/questions.yaml b/packages/speedscale-operator/charts/questions.yaml
new file mode 100644
index 000000000..29aee3895
--- /dev/null
+++ b/packages/speedscale-operator/charts/questions.yaml
@@ -0,0 +1,9 @@
+questions:
+- variable: apiKey
+ default: "fffffffffffffffffffffffffffffffffffffffffffff"
+ description: "An API key is required to connect to the Speedscale cloud."
+ required: true
+ type: string
+ label: API Key
+ group: Authentication
+
diff --git a/packages/speedscale-operator/charts/templates/admission.yaml b/packages/speedscale-operator/charts/templates/admission.yaml
new file mode 100644
index 000000000..649547435
--- /dev/null
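Review bot: The `apiKey` question in questions.yaml is declared as `type: string` with a non-empty placeholder `default:`, so the install form would show the key in clear text and the all-`f` placeholder can probably be submitted unchanged even though the field is `required: true`. Consider `type: password` and removing the `default:` line so that a real value has to be entered. Whether the placeholder is rejected later (for example by the pre-install job the README describes) cannot be seen from this hunk.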
+++ b/packages/speedscale-operator/charts/templates/admission.yaml
@@ -0,0 +1,127 @@
+{{- $cacrt := "" -}}
+{{- $crt := "" -}}
+{{- $key := "" -}}
+{{- $s := (lookup "v1" "Secret" .Release.Namespace "speedscale-webhook-certs") -}}
+{{- if $s -}}
+{{- $cacrt = index $s.data "ca.crt" | default (index $s.data "tls.crt") | b64dec -}}
+{{- $crt = index $s.data "tls.crt" | b64dec -}}
+{{- $key = index $s.data "tls.key" | b64dec -}}
+{{ else }}
+{{- $altNames := list ( printf "speedscale-operator.%s" .Release.Namespace ) ( printf "speedscale-operator.%s.svc" .Release.Namespace ) -}}
+{{- $ca := genCA "speedscale-operator" 3650 -}}
+{{- $cert := genSignedCert "speedscale-operator" nil $altNames 3650 $ca -}}
+{{- $cacrt = $ca.Cert -}}
+{{- $crt = $cert.Cert -}}
+{{- $key = $cert.Key -}}
+{{- end -}}
+---
+apiVersion: v1
+data:
+ ca.crt: {{ $cacrt | b64enc }}
+ tls.crt: {{ $crt | b64enc }}
+ tls.key: {{ $key | b64enc }}
+kind: Secret
+metadata:
+ annotations:
+ helm.sh/hook: pre-install
+ helm.sh/hook-delete-policy: before-hook-creation
+ creationTimestamp: null
+ name: speedscale-webhook-certs
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ creationTimestamp: null
+ name: speedscale-operator
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ caBundle: {{ $cacrt | b64enc }}
+ service:
+ name: speedscale-operator
+ namespace: {{ .Release.Namespace }}
+ path: /mutate
+ failurePolicy: Ignore
+ name: sidecar.speedscale.com
+ namespaceSelector: {}
+ rules:
+ - apiGroups:
+ - apps
+ - batch
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - deployments
+ - statefulsets
+ - daemonsets
+ - jobs
+ - replicasets
+ sideEffects: None
+ timeoutSeconds: 10
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ creationTimestamp: null
+ name: speedscale-operator-replay
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ caBundle: {{ $cacrt | b64enc }}
+ service:
+ name: speedscale-operator
+ namespace: {{ .Release.Namespace }}
+ path: /validate-speedscale-com-v1-trafficreplay
+ failurePolicy: Fail
+ name: replay.speedscale.com
+ namespaceSelector: {}
+ rules:
+ - apiGroups:
+ - speedscale.com
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - trafficreplays
+ sideEffects: None
+ timeoutSeconds: 10
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ creationTimestamp: null
+ name: speedscale-operator-replay
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ caBundle: {{ $cacrt | b64enc }}
+ service:
+ name: speedscale-operator
+ namespace: {{ .Release.Namespace }}
+ path: /mutate-speedscale-com-v1-trafficreplay
+ failurePolicy: Fail
+ name: replay.speedscale.com
+ namespaceSelector: {}
+ rules:
+ - apiGroups:
+ - speedscale.com
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - trafficreplays
+ sideEffects: None
+ timeoutSeconds: 10
diff --git a/packages/speedscale-operator/charts/templates/configmap.yaml b/packages/speedscale-operator/charts/templates/configmap.yaml
new file mode 100644
index 000000000..5d3d90237
--- /dev/null
+++ b/packages/speedscale-operator/charts/templates/configmap.yaml
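Review bot: The `sidecar.speedscale.com` webhook in admission.yaml uses `namespaceSelector: {}`, so every CREATE/UPDATE/DELETE of a Deployment, StatefulSet, DaemonSet, Job or ReplicaSet in every namespace, including `kube-system` and the operator's own, is sent to the operator for mutation. `failurePolicy: Ignore` limits the availability impact but not the scope, so excluding system namespaces and the release namespace would shrink what a compromised or buggy operator can rewrite. The selector below relies on the `kubernetes.io/metadata.name` label, which the API server sets automatically only on Kubernetes 1.21 and later, while Chart.yaml allows 1.17, so older clusters would need an explicit label instead. Separately, the certificate Secret is a `pre-install` hook only while the `genCA` branch runs on any render where `lookup` finds nothing, so an upgrade with the Secret missing would apparently publish a new `caBundle` without writing the matching key; `helm.sh/hook: pre-install,pre-upgrade` would keep the two in step.

```yaml
  failurePolicy: Ignore
  name: sidecar.speedscale.com
  namespaceSelector:
    matchExpressions:
    - key: kubernetes.io/metadata.name
      operator: NotIn
      values:
      - kube-system
      - {{ .Release.Namespace }}
  # … unchanged: rules, sideEffects, timeoutSeconds …
```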
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+data:
+ CLI_VERSION: v1.0.29
+ CLUSTER_NAME: {{ .Values.clusterName }}
+ IMAGE_PULL_POLICY: {{ .Values.image.pullPolicy }}
+ IMAGE_PULL_SECRETS: ""
+ IMAGE_REGISTRY: {{ .Values.image.registry }}
+ IMAGE_TAG: {{ .Values.image.tag }}
+ INSTALL_SOURCE: helm
+ INSTANCE_ID: '{{- $cm := (lookup "v1" "ConfigMap" .Release.Namespace "speedscale-operator")
+ -}}{{ if $cm }}{{ $cm.data.INSTANCE_ID }}{{ else }}{{ ( printf "%s-%s-%s" .Values.clusterName
+ .Release.Namespace uuidv4 ) }}{{ end }}'
+ LOG_LEVEL: {{ .Values.logLevel }}
+ SPEEDSCALE_DLP_CONFIG: {{ .Values.dlp.config }}
+ SPEEDSCALE_FILTER_RULE: {{ .Values.filterRule }}
+ TELEMETRY_INTERVAL: 2s
+ WITH_DLP: {{ .Values.dlp.enabled | quote }}
+ WITH_INSPECTOR: {{ .Values.dashboardAccess | quote }}
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: speedscale-operator
+ namespace: {{ .Release.Namespace }}
diff --git a/packages/speedscale-operator/charts/templates/crds/trafficreplays.yaml b/packages/speedscale-operator/charts/templates/crds/trafficreplays.yaml
new file mode 100644
index 000000000..886af2a69
--- /dev/null
+++ b/packages/speedscale-operator/charts/templates/crds/trafficreplays.yaml
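Review bot: Most values under `data:` in configmap.yaml are interpolated unquoted (`CLUSTER_NAME`, `IMAGE_PULL_POLICY`, `IMAGE_REGISTRY`, `IMAGE_TAG`, `LOG_LEVEL`, `SPEEDSCALE_DLP_CONFIG`, `SPEEDSCALE_FILTER_RULE`), so an empty, numeric or boolean-looking value renders as a non-string, and a value containing `: `, ` #` or a newline changes the structure of the rendered document. ConfigMap `data` accepts only strings, so pipe each one through `quote` as the hunk already does for `WITH_DLP`, for example `CLUSTER_NAME: {{ .Values.clusterName | quote }}`. `INSTANCE_ID` depends on `lookup`, which returns nothing under `helm template` or `--dry-run`, so those renders produce a fresh `uuidv4` each time; a template comment such as `{{- /* INSTANCE_ID is reused from the live ConfigMap; offline renders generate a new one */ -}}` would make that explicit.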
@@ -0,0 +1,273 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: trafficreplays.speedscale.com +spec: + group: speedscale.com + names: + kind: TrafficReplay + listKind: TrafficReplayList + plural: trafficreplays + shortNames: + - replay + singular: trafficreplay + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.active + name: Active + type: boolean + - jsonPath: .spec.mode + name: Mode + type: string + - jsonPath: .status.conditions[-1:].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: TrafficReplay is the Schema for the trafficreplays API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TrafficReplaySpec defines the desired state of TrafficReplay + properties: + buildTag: + description: BuildTag links a unique tag, build hash, etc. to the + generated traffic replay report. That way you can connect the report + results to the version of the code that was tested. + type: string + cleanup: + description: Cleanup is the name of cleanup mode used for this TrafficReplay. 
+ enum: + - inventory + - all + - none + type: string + collectLogs: + description: CollectLogs enables or disables log collection from target + workload. Defaults to true. + type: boolean + configChecksum: + description: ConfigChecksum is the SHA1 checksum of the configuration. + type: string + customURL: + description: CustomURL allows to specify custom URL to SUT. + type: string + generatorLowData: + description: Setting GeneratorLowData to 'true' forces the generator + into a high efficiency/low data output mode. This is ideal for high + volume performance tests. Defaults to false. + type: boolean + injectSidecar: + description: InjectSidecar enables or disables sidecar injection during + the replay. Defaults to false. + type: boolean + mode: + description: Mode is the name of replay mode used for this TrafficReplay. + enum: + - full-replay + - responder-only + - generator-only + type: string + proxyMode: + description: ProxyMode defines proxy operational mode used with injected + sidecar. + type: string + responderLowData: + description: Setting ResponderLowData to 'true' forces the responder + into a high efficiency/low data output mode. This is ideal for high + volume performance tests. Defaults to false. + type: boolean + secretRefs: + description: SecretRefs hold the references to the secrets which contain + various secrets like (e.g. short-lived JWTs to be used by the generator + for authorization with HTTP calls). + items: + description: LocalObjectReference contains enough information to + locate the referenced Kubernetes resource object. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + type: array + snapshotID: + description: SnapshotID is the id of the traffic snapshot for this + TrafficReplay. + type: string + testConfigID: + description: TestConfigID is the id of the replay configuration to + be used by the generator and responder for the TrafficReplay. 
+ type: string + timeout: + description: Timeout is the time to wait for replay test to finish. + Defaults to value of the `TIMEOUT` setting of the operator. + type: string + ttlAfterReady: + description: TTLAfterReady provides a TTL (time to live) mechanism + to limit the lifetime of TrafficReplay object that have finished + the execution and reached its final state (either complete or failed). + type: string + workloadRef: + description: The reference to the target workload (SUT - system under + test) for TrafficReplay. The operations will be performed in the + namespace of the target object. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, defaults to the TrafficReplay + namespace + type: string + required: + - kind + - name + type: object + required: + - snapshotID + - workloadRef + type: object + status: + default: + observedGeneration: -1 + description: TrafficReplayStatus defines the observed state of TrafficReplay + properties: + active: + description: Active indicates whether this traffic replay is currently + underway or not. + type: boolean + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + finishedTime: + description: Information when the traffic replay has finished. + format: date-time + type: string + initializedTime: + description: Information when the test environment was successfully + prepared. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + reportID: + description: The id of the traffic replay report created. + type: string + reportURL: + description: The url to the traffic replay report. + type: string + startedTime: + description: Information when the traffic replay has started. + format: date-time + type: string + workloadHost: + description: WorkloadHost is the host address which is targeted during + the traffic replay. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/packages/speedscale-operator/charts/templates/deployments.yaml b/packages/speedscale-operator/charts/templates/deployments.yaml new file mode 100644 index 000000000..1575711be --- /dev/null +++ b/packages/speedscale-operator/charts/templates/deployments.yaml 
@@ -0,0 +1,114 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + operator.speedscale.com/ignore: "true" + creationTimestamp: null + labels: + app: speedscale-operator + controlplane.speedscale.com/component: operator + name: speedscale-operator + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: speedscale-operator + controlplane.speedscale.com/component: operator + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/config: | + {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + creationTimestamp: null + labels: + app: speedscale-operator + controlplane.speedscale.com/component: operator + spec: + containers: + - command: + - /operator + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: speedscale-operator + - secretRef: + name: speedscale-apikey + optional: false + image: '{{ .Values.image.registry }}/operator:{{ .Values.image.tag }}' + imagePullPolicy: {{ .Values.image.pullPolicy }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: health-check + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + name: operator + ports: + - containerPort: 9443 + name: webhook-server + - containerPort: 8081 + name: health-check + readinessProbe: + failureThreshold: 5 + httpGet: + path: /readyz + port: health-check + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 2100 + volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: 
/tmp/k8s-webhook-server/serving-certs + name: webhook-certs + readOnly: true + - mountPath: /etc/ssl/speedscale + name: speedscale-tls-out + readOnly: true + securityContext: + runAsNonRoot: true + serviceAccountName: speedscale-operator + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: tmp + - name: webhook-certs + secret: + secretName: speedscale-webhook-certs + - name: speedscale-tls-out + secret: + secretName: speedscale-certs +status: {} diff --git a/packages/speedscale-operator/charts/templates/hooks.yaml b/packages/speedscale-operator/charts/templates/hooks.yaml new file mode 100644 index 000000000..7ba9e8c0f --- /dev/null +++ b/packages/speedscale-operator/charts/templates/hooks.yaml 
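Review bot: The operator container's `securityContext` sets `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true`, but it neither drops Linux capabilities nor sets a seccomp profile, so the container keeps the runtime's default capability set. Assuming the operator needs none (it only listens on the unprivileged ports 9443 and 8081), add `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` to that block; the pod-level `securityContext` only sets `runAsNonRoot`. The image is also referenced by tag (`{{ .Values.image.tag }}`), so what runs under the `speedscale-operator` service account can change without a chart change; an optional digest value would make that auditable.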
@@ -0,0 +1,103 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "4" + creationTimestamp: null + name: speedscale-operator-pre-install + namespace: {{ .Release.Namespace }} +spec: + backoffLimit: 0 + template: + metadata: + creationTimestamp: null + spec: + containers: + - args: + - |- + speedctl init --overwrite --no-rcfile-update \ + --api-key {{ required "A valid .Values.apiKey is required!" .Values.apiKey }} \ + --app-url {{ required "A valid .Values.appUrl is required!" .Values.appUrl }} + command: + - sh + - -c + image: '{{ .Values.image.registry }}/speedscale-cli:{{ .Values.image.tag }}' + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: speedscale-cli + resources: {} + restartPolicy: Never +status: {} +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "1" + creationTimestamp: null + labels: + app: speedscale-operator + controlplane.speedscale.com/component: operator + name: speedscale-operator-provisioning + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "2" + creationTimestamp: null + name: speedscale-operator-provisioning +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: 
ClusterRoleBinding +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "3" + creationTimestamp: null + name: speedscale-operator-provisioning +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: speedscale-operator-provisioning +subjects: +- kind: ServiceAccount + name: speedscale-operator-provisioning + namespace: {{ .Release.Namespace }} diff --git a/packages/speedscale-operator/charts/templates/rbac.yaml b/packages/speedscale-operator/charts/templates/rbac.yaml new file mode 100644 index 000000000..e6c532b9c --- /dev/null +++ b/packages/speedscale-operator/charts/templates/rbac.yaml 
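Review bot: The pre-install Job renders `.Values.apiKey` and `.Values.appUrl` unquoted into the `sh -c` script text, so whitespace or shell metacharacters in either value are interpreted by the shell instead of reaching `speedctl` as a single argument, and the key sits in clear text in the Job and Pod spec. Passing both values through `env` with `| quote` and referencing them as quoted shell variables removes the shell-parsing problem; the key would still be readable in the Job spec, so a hook-weighted Secret consumed through `secretKeyRef` is the stronger form. Separately, the Job sets no `serviceAccountName`, while the `speedscale-operator-provisioning` ClusterRole in this hunk grants every write verb on `secrets` in all namespaces; a comment naming the workload that uses that account would let reviewers confirm the grant is needed.

```yaml
      containers:
      - args:
        - |-
          speedctl init --overwrite --no-rcfile-update \
            --api-key "$SPEEDSCALE_API_KEY" \
            --app-url "$SPEEDSCALE_APP_URL"
        command:
        - sh
        - -c
        env:
        - name: SPEEDSCALE_API_KEY
          value: {{ required "A valid .Values.apiKey is required!" .Values.apiKey | quote }}
        - name: SPEEDSCALE_APP_URL
          value: {{ required "A valid .Values.appUrl is required!" .Values.appUrl | quote }}
        # … unchanged: image, imagePullPolicy, name, resources …
```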
@@ -0,0 +1,192 @@ +--- +apiVersion: v1 +automountServiceAccountToken: true +imagePullSecrets: +- name: speedscale-gcrcreds +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + app: speedscale-operator + controlplane.speedscale.com/component: operator + name: speedscale-operator + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: speedscale-operator +rules: +- apiGroups: + - apps + resources: + - deployments + - statefulsets + - daemonsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - replicasets + verbs: + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - secrets + - pods + - services + - serviceaccounts + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - metrics.k8s.io + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - deletecollection + - use +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.istio.io + resources: + - envoyfilters + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - speedscale.com + resources: + - trafficreplays + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - speedscale.com + resources: + - trafficreplays/status + verbs: + - get + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: speedscale-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: speedscale-operator +subjects: +- kind: ServiceAccount + name: speedscale-operator + namespace: {{ .Release.Namespace }} diff --git a/packages/speedscale-operator/charts/templates/secrets.yaml b/packages/speedscale-operator/charts/templates/secrets.yaml new file mode 100644 index 000000000..097e29312 --- /dev/null +++ b/packages/speedscale-operator/charts/templates/secrets.yaml 
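Review bot: The `speedscale-operator` ClusterRole grants create/delete/get/list/patch/update/watch on core `secrets`, `pods` and `serviceaccounts` and on `roles`/`rolebindings`, and the ClusterRoleBinding at the end of the hunk applies that in every namespace, so the operator's auto-mounted token (`automountServiceAccountToken: true`) can read and rewrite any Secret in the cluster. The chart exposes a namespace selector for watched namespaces in values.yaml, so presumably the write rules could be granted per namespace through Role/RoleBinding, with only the read-only discovery rules (`namespaces`, `nodes`) kept cluster-wide. If cluster-wide scope is required, state it above the rule, e.g. `# cluster-wide on purpose: <reason>; narrow to watched namespaces where possible`, and watch audit logs for this service account touching Secrets outside the watched namespaces.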
@@ -0,0 +1,21 @@ +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJnY3IuaW8iOnsidXNlcm5hbWUiOiJfanNvbl9rZXkiLCJwYXNzd29yZCI6IntcbiAgXCJ0eXBlXCI6IFwic2VydmljZV9hY2NvdW50XCIsXG4gIFwicHJvamVjdF9pZFwiOiBcInNwZWVkc2NhbGVcIixcbiAgXCJwcml2YXRlX2tleV9pZFwiOiBcIjQyNzU2ZWQ2NWU0ZGE3ZTE2ODEyOTgxOTk4ODFiZGZmOGZlODY1Y2NcIixcbiAgXCJwcml2YXRlX2tleVwiOiBcIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxcbk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzRwbHZ3TTEvek0xeWhcXG5hUFZvRDBQZjNMb0lnTDNDM2xNMGM0TVFNL2lsb2JSS3NObTA1WnRiVFhUVGx3RklxODJDVnl2NlU2U0hXM0V1XFxuaDdyQllFUmRTRHJLSTNNNEUyV3AxY3c5TkdKYTNuc1hGSWhLRmU3ZThSandsUk92eXlYLzE0UEVmN3NOdGlMVFxcbmtPK2JqckpxVEVpU2NCUFloUkQvRnFFZmJWQm9NYnZpdkVDQkY2dGRqcTVwRiswVmdiT2FEdnJqZ2dRdnVWdHVcXG5VYzlRcW5QaE1CU3Z3dE5oOTZGc2dncnVFQ1N6Z2UyYTVJRE5wYmYwb2U3ZTVycFU0c0hSb3l1ZWlOeU1ZSHpYXFxuUjQraGRFNTJnOXFLN3dYTStHUi9OREdMUkgxeDlhdjRZYlBURTZnOGtkcWdCQVp0c05KaDRwVUp6Y1VWMENJV1xcbmZuRFNlNkhGQWdNQkFBRUNnZ0VBSFNEdFB2cXp4N2RTQlFwOE1ESzhSOXZYb3hEQUhyWVkxUnpsejVBTFNRRzFcXG40ZFI5TzRxL0U4dW53dHMrOGhwY0hKUW8xV0FOZytiYWQzY2s4RzJCeTE5aUd0STEwbUpJOXQ1SnpsdnRxaDBQXFxudU9mZHlpWWtuUm5XajlsTWxqNUxXODFCTmFYYXVjS0NRdkxKd2JYa2tsMC9VNDZIcXUvdTZ2YkVheU5BL0hhYlxcblF0K1ROZlpaQW9MWmE0dnZrd0xLQ1VGNUkvenZnK21OTytZWllwV0V5QjR0U3JtMnpiWm96c3hMVFZ5TFR2WFVcXG5JZkFNYUE4UktyMGxIVXZ5WEZvd2l5N0F3bU5sanFCQlkyRkFXM3VyU3VOZ1YxdXdhQnRwN2w5OStaaCtiKzhPXFxuYW01QStuS2lvQk00TG54cGVwZThuVGkxU1Fsa3dZaG0zR0s5MktyZ3NRS0JnUURwWG1nZEZPbnpyaXhKYXRPZVxcbmt2RDR5L2d2WmNSdmJ1dDVwL0pZeFpBUnN5SytIM1RPMzJvK09sTm4rcG8vL2lPK0lvMTRaUUFKMm1MTU4vakhcXG5iM0hnTm1aV2dHRWk2blNBQ3QvYklPYUh2SHh5L0NtTEwzbTBUbjJnNzBScVZtVUpIMXZMQjhVUWlNY0ZHQnA3XFxuNFB4Tk4xeTZBY1BvUVRPVWlDT2tPZWZOeVFLQmdRREtqblhXVFEweGpjazdaVjIvRjBhYW8ybHRlTFpHdUZXQ1xcbjJnbTB0QSs5UUIzckhMcVZ4dWJwenZpd3dIclJHTlV0RDhRdjBJWU52TW11YSt1cXRVcFVaOE5LWXVDeWZQZ3VcXG5yWUxqUHlVVGxmOE4yaXVkYVIyZStVWDZCOWE0dXBYanJLdWtkWDM4SVlwZmJLS0RTQ3ZuZFlzT0x1ai9GeDRyXFxuMmVtdWRvL0NIUUtCZ0VTRmx0WnJMS0tEVXJlZjZWRVhYaS8vVy9rMnpXM1d5TWRvMjh6YS9ZbGs2dCtlUnVMel
xcblVMUEMxbmlpYWFZK2plb25KUmpqdHhZdGpITGdRR2oydlI0VGV3c05HUGh5bFJCL29Pa3JpT1QwSUNwM0JnKzdcXG5PZVlLWWZMZUxsMTJ6cVhXRWxMVURqWGpvMlJJaG9ZM01uM05zcWxmR1ZIWnl6WmludXg2b0NpWkFvR0Fkb2R5XFxuc1JxWms5dlNXNjF2ZERqY21mVHg1cHR5bm1PVHRtUjh0WCtBamxBTXNkNDMyUmx4V25SQTFyMXJvUndVOHE5OVxcbk1EV25uRFpURm53VWhlcGNPcFFWbFZ2Uy9OOWdJNEJwVFMxUU51dlpPblBtZmRCYkF3SC9UdFp6Y2RuTmlGTXNcXG5oYW96Tk8wem1hOXFVY1JUM0xmTnpWanFBd3UySGhjQVJaVWZmb2tDZ1lFQWdhVEZhb1dnbENOazZtU0JlSXR2XFxuVjUxN3BOSFlXeHlpRzlwTDJIUUxFeDhwdkdWZFp1dUlONHdGdk13UzRldm1VeWN0dmkvMmc2R1FXdS9nYUFPVlxcblhuVXVtMi9xZ1grcTFjNEZFN0J4K3BGTFBCQkVBb1hodUwzSUZxczlRcGoxZG0wTG1tQjg0UHlFU0JEUzh1WGtcXG5lUWF3UkZHSHhpVzhhT1VnbWcxZ0FRQT1cXG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXFxuXCIsXG4gIFwiY2xpZW50X2VtYWlsXCI6IFwiZ2NycHVsbDJAc3BlZWRzY2FsZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbVwiLFxuICBcImNsaWVudF9pZFwiOiBcIjEwNzc4NTY0MDY5MzQzMzQ1MTc5OFwiLFxuICBcImF1dGhfdXJpXCI6IFwiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tL28vb2F1dGgyL2F1dGhcIixcbiAgXCJ0b2tlbl91cmlcIjogXCJodHRwczovL29hdXRoMi5nb29nbGVhcGlzLmNvbS90b2tlblwiLFxuICBcImF1dGhfcHJvdmlkZXJfeDUwOV9jZXJ0X3VybFwiOiBcImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9jZXJ0c1wiLFxuICBcImNsaWVudF94NTA5X2NlcnRfdXJsXCI6IFwiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vcm9ib3QvdjEvbWV0YWRhdGEveDUwOS9nY3JwdWxsMiU0MHNwZWVkc2NhbGUuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb21cIlxufSIsImVtYWlsIjoiZ2NycHVsbEBzcGVlZHNjYWxlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXV0aCI6IlgycHpiMjVmYTJWNU9uc0tJQ0FpZEhsd1pTSTZJQ0p6WlhKMmFXTmxYMkZqWTI5MWJuUWlMQW9nSUNKd2NtOXFaV04wWDJsa0lqb2dJbk53WldWa2MyTmhiR1VpTEFvZ0lDSndjbWwyWVhSbFgydGxlVjlwWkNJNklDSTBNamMxTm1Wa05qVmxOR1JoTjJVeE5qZ3hNams0TVRrNU9EZ3hZbVJtWmpobVpUZzJOV05qSWl3S0lDQWljSEpwZG1GMFpWOXJaWGtpT2lBaUxTMHRMUzFDUlVkSlRpQlFVa2xXUVZSRklFdEZXUzB0TFMwdFhHNU5TVWxGZGxGSlFrRkVRVTVDWjJ0eGFHdHBSemwzTUVKQlVVVkdRVUZUUTBKTFkzZG5aMU5xUVdkRlFVRnZTVUpCVVVNMGNHeDJkMDB4TDNwTk1YbG9YRzVoVUZadlJEQlFaak5NYjBsblRETkRNMnhOTUdNMFRWRk5MMmxzYjJKU1MzTk9iVEExV25SaVZGaFVWR3gzUmtseE9ESkRWbmwyTmxVMlUwaFhNMFYxWEc1b04zSkNXVVZTWkZORWNrdEpNMDAwUlRKWGNERmpkemxPUj
BwaE0yNXpXRVpKYUV0R1pUZGxPRkpxZDJ4U1QzWjVlVmd2TVRSUVJXWTNjMDUwYVV4VVhHNXJUeXRpYW5KS2NWUkZhVk5qUWxCWmFGSkVMMFp4UldaaVZrSnZUV0oyYVhaRlEwSkdOblJrYW5FMWNFWXJNRlpuWWs5aFJIWnlhbWRuVVhaMVZuUjFYRzVWWXpsUmNXNVFhRTFDVTNaM2RFNW9PVFpHYzJkbmNuVkZRMU42WjJVeVlUVkpSRTV3WW1Zd2IyVTNaVFZ5Y0ZVMGMwaFNiM2wxWldsT2VVMVpTSHBZWEc1U05DdG9aRVUxTW1jNWNVczNkMWhOSzBkU0wwNUVSMHhTU0RGNE9XRjJORmxpVUZSRk5tYzRhMlJ4WjBKQlduUnpUa3BvTkhCVlNucGpWVll3UTBsWFhHNW1ia1JUWlRaSVJrRm5UVUpCUVVWRFoyZEZRVWhUUkhSUWRuRjZlRGRrVTBKUmNEaE5SRXM0VWpsMldHOTRSRUZJY2xsWk1WSjZiSG8xUVV4VFVVY3hYRzQwWkZJNVR6UnhMMFU0ZFc1M2RITXJPR2h3WTBoS1VXOHhWMEZPWnl0aVlXUXpZMnM0UnpKQ2VURTVhVWQwU1RFd2JVcEpPWFExU25wc2RuUnhhREJRWEc1MVQyWmtlV2xaYTI1U2JsZHFPV3hOYkdvMVRGYzRNVUpPWVZoaGRXTkxRMUYyVEVwM1lsaHJhMnd3TDFVME5raHhkUzkxTm5aaVJXRjVUa0V2U0dGaVhHNVJkQ3RVVG1aYVdrRnZURnBoTkhaMmEzZE1TME5WUmpWSkwzcDJaeXR0VGs4cldWcFpjRmRGZVVJMGRGTnliVEo2WWxwdmVuTjRURlJXZVV4VWRsaFZYRzVKWmtGTllVRTRVa3R5TUd4SVZYWjVXRVp2ZDJsNU4wRjNiVTVzYW5GQ1Fsa3lSa0ZYTTNWeVUzVk9aMVl4ZFhkaFFuUndOMnc1T1N0YWFDdGlLemhQWEc1aGJUVkJLMjVMYVc5Q1RUUk1ibmh3WlhCbE9HNVVhVEZUVVd4cmQxbG9iVE5IU3preVMzSm5jMUZMUW1kUlJIQlliV2RrUms5dWVuSnBlRXBoZEU5bFhHNXJka1EwZVM5bmRscGpVblppZFhRMWNDOUtXWGhhUVZKemVVc3JTRE5VVHpNeWJ5dFBiRTV1SzNCdkx5OXBUeXRKYnpFMFdsRkJTakp0VEUxT0wycElYRzVpTTBoblRtMWFWMmRIUldrMmJsTkJRM1F2WWtsUFlVaDJTSGg1TDBOdFRFd3piVEJVYmpKbk56QlNjVlp0VlVwSU1YWk1RamhWVVdsTlkwWkhRbkEzWEc0MFVIaE9UakY1TmtGalVHOVJWRTlWYVVOUGEwOWxaazU1VVV0Q1oxRkVTMnB1V0ZkVVVUQjRhbU5yTjFwV01pOUdNR0ZoYnpKc2RHVk1Xa2QxUmxkRFhHNHlaMjB3ZEVFck9WRkNNM0pJVEhGV2VIVmljSHAyYVhkM1NISlNSMDVWZEVRNFVYWXdTVmxPZGsxdGRXRXJkWEYwVlhCVldqaE9TMWwxUTNsbVVHZDFYRzV5V1V4cVVIbFZWR3htT0U0eWFYVmtZVkl5WlN0VldEWkNPV0UwZFhCWWFuSkxkV3RrV0RNNFNWbHdabUpMUzBSVFEzWnVaRmx6VDB4MWFpOUdlRFJ5WEc0eVpXMTFaRzh2UTBoUlMwSm5SVk5HYkhSYWNreExTMFJWY21WbU5sWkZXRmhwTHk5WEwyc3llbGN6VjNsTlpHOHlPSHBoTDFsc2F6WjBLMlZTZFV4NlhHNVZURkJETVc1cGFXRmhXU3RxWlc5dVNsSnFhblI0V1hScVNFeG5VVWRxTW5aU05GUmxkM05PUjFCb2VXeFNRaTl2VDJ0eWFVOVVNRWxEY0ROQ1p5czNYRzVQWlZsTFdXWk1aVXhzTVRKNmNWaFhSV3hNVlVScVdHcHZNbEpKYU
c5Wk0wMXVNMDV6Y1d4bVIxWklXbmw2V21sdWRYZzJiME5wV2tGdlIwRmtiMlI1WEc1elVuRmFhemwyVTFjMk1YWmtSR3BqYldaVWVEVndkSGx1YlU5VWRHMVNPSFJZSzBGcWJFRk5jMlEwTXpKU2JIaFhibEpCTVhJeGNtOVNkMVU0Y1RrNVhHNU5SRmR1YmtSYVZFWnVkMVZvWlhCalQzQlJWbXhXZGxNdlRqbG5TVFJDY0ZSVE1WRk9kWFphVDI1UWJXWmtRbUpCZDBndlZIUmFlbU5rYms1cFJrMXpYRzVvWVc5NlRrOHdlbTFoT1hGVlkxSlVNMHhtVG5wV2FuRkJkM1V5U0doalFWSmFWV1ptYjJ0RFoxbEZRV2RoVkVaaGIxZG5iRU5PYXpadFUwSmxTWFIyWEc1V05URTNjRTVJV1ZkNGVXbEhPWEJNTWtoUlRFVjRPSEIyUjFaa1duVjFTVTQwZDBaMlRYZFROR1YyYlZWNVkzUjJhUzh5WnpaSFVWZDFMMmRoUVU5V1hHNVlibFYxYlRJdmNXZFlLM0V4WXpSR1JUZENlQ3R3Umt4UVFrSkZRVzlZYUhWTU0wbEdjWE01VVhCcU1XUnRNRXh0YlVJNE5GQjVSVk5DUkZNNGRWaHJYRzVsVVdGM1VrWkhTSGhwVnpoaFQxVm5iV2N4WjBGUlFUMWNiaTB0TFMwdFJVNUVJRkJTU1ZaQlZFVWdTMFZaTFMwdExTMWNiaUlzQ2lBZ0ltTnNhV1Z1ZEY5bGJXRnBiQ0k2SUNKblkzSndkV3hzTWtCemNHVmxaSE5qWVd4bExtbGhiUzVuYzJWeWRtbGpaV0ZqWTI5MWJuUXVZMjl0SWl3S0lDQWlZMnhwWlc1MFgybGtJam9nSWpFd056YzROVFkwTURZNU16UXpNelExTVRjNU9DSXNDaUFnSW1GMWRHaGZkWEpwSWpvZ0ltaDBkSEJ6T2k4dllXTmpiM1Z1ZEhNdVoyOXZaMnhsTG1OdmJTOXZMMjloZFhSb01pOWhkWFJvSWl3S0lDQWlkRzlyWlc1ZmRYSnBJam9nSW1oMGRIQnpPaTh2YjJGMWRHZ3lMbWR2YjJkc1pXRndhWE11WTI5dEwzUnZhMlZ1SWl3S0lDQWlZWFYwYUY5d2NtOTJhV1JsY2w5NE5UQTVYMk5sY25SZmRYSnNJam9nSW1oMGRIQnpPaTh2ZDNkM0xtZHZiMmRzWldGd2FYTXVZMjl0TDI5aGRYUm9NaTkyTVM5alpYSjBjeUlzQ2lBZ0ltTnNhV1Z1ZEY5NE5UQTVYMk5sY25SZmRYSnNJam9nSW1oMGRIQnpPaTh2ZDNkM0xtZHZiMmRzWldGd2FYTXVZMjl0TDNKdlltOTBMM1l4TDIxbGRHRmtZWFJoTDNnMU1Ea3ZaMk55Y0hWc2JESWxOREJ6Y0dWbFpITmpZV3hsTG1saGJTNW5jMlZ5ZG1salpXRmpZMjkxYm5RdVkyOXRJZ3A5In19fQ== +kind: Secret +metadata: + creationTimestamp: null + name: speedscale-gcrcreds + namespace: {{ .Release.Namespace }} +type: kubernetes.io/dockerconfigjson +--- +apiVersion: v1 +data: + SPEEDSCALE_API_KEY: {{ .Values.apiKey | b64enc }} + SPEEDSCALE_APP_URL: {{ .Values.appUrl | b64enc }} +kind: Secret +metadata: + creationTimestamp: null + name: speedscale-apikey + namespace: {{ .Release.Namespace }} +type: Opaque 
diff --git a/packages/speedscale-operator/charts/templates/services.yaml b/packages/speedscale-operator/charts/templates/services.yaml
new file mode 100644
index 000000000..d6169bbf3
--- /dev/null
+++ b/packages/speedscale-operator/charts/templates/services.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app: speedscale-operator
+ controlplane.speedscale.com/component: operator
+ name: speedscale-operator
+ namespace: {{ .Release.Namespace }}
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ app: speedscale-operator
+ controlplane.speedscale.com/component: operator
+status:
+ loadBalancer: {}
diff --git a/packages/speedscale-operator/charts/templates/tls.yaml b/packages/speedscale-operator/charts/templates/tls.yaml
new file mode 100644
index 000000000..54404314f
--- /dev/null
+++ b/packages/speedscale-operator/charts/templates/tls.yaml
@@ -0,0 +1,25 @@
+{{- $crt := "" -}}
+{{- $key := "" -}}
+{{- $s := (lookup "v1" "Secret" .Release.Namespace "speedscale-certs") -}}
+{{- if $s -}}
+{{- $crt = index $s.data "tls.crt" | b64dec -}}
+{{- $key = index $s.data "tls.key" | b64dec -}}
+{{ else }}
+{{- $cert := genCA "Speedscale" 3650 -}}
+{{- $crt = $cert.Cert -}}
+{{- $key = $cert.Key -}}
+{{- end -}}
+---
+apiVersion: v1
+data:
+ tls.crt: {{ $crt | b64enc }}
+ tls.key: {{ $key | b64enc }}
+kind: Secret
+metadata:
+ annotations:
+ helm.sh/hook: pre-install
+ helm.sh/hook-delete-policy: before-hook-creation
+ creationTimestamp: null
+ name: speedscale-certs
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
diff --git a/packages/speedscale-operator/charts/values.yaml b/packages/speedscale-operator/charts/values.yaml
new file mode 100644
index 000000000..e0aab2836
--- /dev/null
+++ b/packages/speedscale-operator/charts/values.yaml
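Review bot: In tls.yaml the CA from `genCA "Speedscale" 3650` is generated once, stored with its private key in the `speedscale-certs` Secret, and reused whenever `lookup` finds that Secret; because the Secret is a `pre-install` hook resource, nothing in this template renews or rotates it on upgrade. When the chart is rendered without cluster access (`helm template` or a client-side dry run) `lookup` returns nothing, so the rendered manifest contains a freshly generated private key each time and should be kept out of logs and GitOps repositories. Record this at the top of the file, e.g. `{{- /* CA key pair: generated at install, valid 3650 days, reused on later renders; rotation is manual */ -}}`, and consider a shorter validity with a documented rotation step.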
@@ -0,0 +1,35 @@
+# An API key is required to connect to the Speedscale cloud.
+# If you need a key email support@speedscale.com.
+apiKey: ""
+# Speedscale domain to use.
+appUrl: "app.speedscale.com"
+
+# The name of your cluster.
+clusterName: "my-cluster"
+
+# Speedscale components image settings.
+image:
+ registry: gcr.io/speedscale
+ tag: v1.0.29
+ pullPolicy: Always
+
+# Log level for Speedscale components.
+logLevel: "info"
+
+# Namespaces to be watched by Speedscale Operator.
+namespaceSelector: {}
+
+# Instructs operator to deploy resources necessary to interact with your cluster from the Speedscale dashboard.
+dashboardAccess: true
+
+# Filter Rule to apply to the Speedscale Forwarder
+filterRule: "standard"
+
+# Data Loss Prevention settings.
+dlp:
+
+ # Instructs operator to enable data loss prevention features
+ enabled: false
+
+ # Configuration for data loss prevention
+ config: "standard"
diff --git a/packages/speedscale-operator/package.yaml b/packages/speedscale-operator/package.yaml
index 60c244b40..33b64923c 100644
--- a/packages/speedscale-operator/package.yaml
+++ b/packages/speedscale-operator/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/speedscale/operator-helm/raw/main/speedscale-operator-0.11.43.tgz
+url: https://github.com/speedscale/operator-helm/raw/main/speedscale-operator-1.0.3.tgz
 packageVersion: 00
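Review bot: The values.yaml defaults lean permissive for a component that injects sidecars and replays workload traffic: `dashboardAccess: true` deploys resources for interaction from the vendor dashboard (which resources is not visible in this hunk) and `dlp.enabled: false` leaves data loss prevention off. Consider defaulting `dashboardAccess` to `false`, or at least expanding its comment to name what it creates, e.g. `# Creates <resources> that let the Speedscale dashboard act on this cluster; set to false to disable.` `image.tag: v1.0.29` with `pullPolicy: Always` also means the running image follows whatever the registry serves for that tag; an optional digest value would pin it.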