From 5283b7beb6e29fdf81df4bffb848bf0eb48ce47a Mon Sep 17 00:00:00 2001 From: Andrey Melnikov Date: Thu, 28 Oct 2021 16:08:31 -0700 Subject: [PATCH] fix: add missing manifests and incorrect cvat_1.6.0 version name in metadata --- .../workspaces/cvat_1_6_0/20211028205201.yaml | 2 +- manifest/abs/deployment.json | 63 +++++++ manifest/abs/service.json | 19 ++ manifest/clusterrolebinding-models.json | 19 ++ ...-onepanel-namespaces-defaultnamespace.json | 22 +++ .../configmap-onepanel-defaultnamespace.json | 11 ++ manifest/gcs/deployment.json | 83 +++++++++ manifest/gcs/service.json | 19 ++ manifest/kfserving/secret.json | 19 ++ ...tworkpolicy-onepanel-defaultnamespace.json | 41 +++++ manifest/role-onepanel-defaultnamespace.json | 167 ++++++++++++++++++ ...rolebinding-onepanel-defaultnamespace.json | 28 +++ ...onepanel-default-env-defaultnamespace.json | 9 + .../secret-onepanel-defaultnamespace.json | 21 +++ manifest/service-account.json | 8 + manifest/service-minio-onepanel.json | 37 ++++ 16 files changed, 567 insertions(+), 1 deletion(-) create mode 100644 manifest/abs/deployment.json create mode 100644 manifest/abs/service.json create mode 100644 manifest/clusterrolebinding-models.json create mode 100644 manifest/clusterrolebinding-onepanel-namespaces-defaultnamespace.json create mode 100644 manifest/configmap-onepanel-defaultnamespace.json create mode 100644 manifest/gcs/deployment.json create mode 100644 manifest/gcs/service.json create mode 100644 manifest/kfserving/secret.json create mode 100644 manifest/networkpolicy-onepanel-defaultnamespace.json create mode 100644 manifest/role-onepanel-defaultnamespace.json create mode 100644 manifest/rolebinding-onepanel-defaultnamespace.json create mode 100644 manifest/secret-onepanel-default-env-defaultnamespace.json create mode 100644 manifest/secret-onepanel-defaultnamespace.json create mode 100644 manifest/service-account.json create mode 100644 manifest/service-minio-onepanel.json diff --git a/db/yaml/workspaces/cvat_1_6_0/20211028205201.yaml b/db/yaml/workspaces/cvat_1_6_0/20211028205201.yaml index 0b404f8..1268a11 100644 --- a/db/yaml/workspaces/cvat_1_6_0/20211028205201.yaml +++ b/db/yaml/workspaces/cvat_1_6_0/20211028205201.yaml @@ -1,5 +1,5 @@ metadata: - name: CVAT + name: CVAT_1.6.0 kind: Workspace version: 20211028205201 action: create diff --git a/manifest/abs/deployment.json b/manifest/abs/deployment.json new file mode 100644 index 0000000..0fd064a --- /dev/null +++ b/manifest/abs/deployment.json @@ -0,0 +1,63 @@ +{ + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "minio-gateway", + "namespace": "$(applicationDefaultNamespace)" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "minio-gateway" + } + }, + "template": { + "metadata": { + "labels": { + "app": "minio-gateway" + }, + "annotations": { + "sidecar.istio.io/inject": "false" + } + }, + "spec": { + "containers": [ + { + "name": "minio-gateway", + "image": "minio/minio:RELEASE.2021-06-17T00-10-46Z.hotfix.49f6035b1", + "args": [ + "gateway", + "azure" + ], + "env": [ + { + "name": "MINIO_ACCESS_KEY", + "valueFrom": { + "secretKeyRef": { + "name": "onepanel", + "key": "artifactRepositoryS3AccessKey" + } + } + }, + { + "name": "MINIO_SECRET_KEY", + "valueFrom": { + "secretKeyRef": { + "name": "onepanel", + "key": "artifactRepositoryS3SecretKey" + } + } + } + ], + "ports": [ + { + "containerPort": 9000 + } + ] + } + ] + } + } + } +} \ No newline at end of file diff --git a/manifest/abs/service.json b/manifest/abs/service.json new file mode 100644 index 0000000..3f286f8 --- /dev/null +++ b/manifest/abs/service.json @@ -0,0 +1,19 @@ +{ + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "minio-gateway", + "namespace": "$(applicationDefaultNamespace)" + }, + "spec": { + "selector": { + "app": "minio-gateway" + }, + "ports": [ + { + "port": 9000, + "targetPort": 9000 + } + ] + } +} \ No newline at end of file diff --git a/manifest/clusterrolebinding-models.json b/manifest/clusterrolebinding-models.json new file mode 100644 index 0000000..4a4ffbf --- /dev/null +++ b/manifest/clusterrolebinding-models.json @@ -0,0 +1,19 @@ +{ + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "name": "onepanel-kfserving-$(applicationDefaultNamespace)" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "$(applicationDefaultNamespace)", + "namespace": "$(applicationDefaultNamespace)" + } + ], + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "onepanel-models" + } +} \ No newline at end of file diff --git a/manifest/clusterrolebinding-onepanel-namespaces-defaultnamespace.json b/manifest/clusterrolebinding-onepanel-namespaces-defaultnamespace.json new file mode 100644 index 0000000..36325f4 --- /dev/null +++ b/manifest/clusterrolebinding-onepanel-namespaces-defaultnamespace.json @@ -0,0 +1,22 @@ +{ + "apiVersion": "rbac.authorization.k8s.io/v1beta1", + "kind": "ClusterRoleBinding", + "metadata": { + "labels": { + "app": "onepanel" + }, + "name": "onepanel-namespaces" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "onepanel-namespaces" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "$(applicationDefaultNamespace)", + "namespace": "$(applicationDefaultNamespace)" + } + ] +} \ No newline at end of file diff --git a/manifest/configmap-onepanel-defaultnamespace.json b/manifest/configmap-onepanel-defaultnamespace.json new file mode 100644 index 0000000..dd58e8a --- /dev/null +++ b/manifest/configmap-onepanel-defaultnamespace.json @@ -0,0 +1,11 @@ +{ + "apiVersion": "v1", + "kind": "ConfigMap", + "metadata": { + "name": "onepanel", + "namespace": "$(applicationDefaultNamespace)" + }, + "data": { + "artifactRepository": "archiveLogs: true\n$(artifactRepositoryProvider)\n" + } +} \ No newline at end of file diff --git a/manifest/gcs/deployment.json b/manifest/gcs/deployment.json new file mode 100644 index 0000000..3ba2fae --- /dev/null +++ b/manifest/gcs/deployment.json @@ -0,0 +1,83 @@ +{ + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "minio-gateway", + "namespace": "$(applicationDefaultNamespace)" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "minio-gateway" + } + }, + "template": { + "metadata": { + "labels": { + "app": "minio-gateway" + }, + "annotations": { + "sidecar.istio.io/inject": "false" + } + }, + "spec": { + "containers": [ + { + "name": "minio-gateway", + "image": "minio/minio:RELEASE.2021-06-17T00-10-46Z.hotfix.49f6035b1", + "volumeMounts": [ + { + "name": "gcs-credentials", + "mountPath": "/etc/gcs", + "readOnly": true + } + ], + "args": [ + "gateway", + "gcs" + ], + "env": [ + { + "name": "MINIO_ACCESS_KEY", + "valueFrom": { + "secretKeyRef": { + "name": "onepanel", + "key": "artifactRepositoryS3AccessKey" + } + } + }, + { + "name": "MINIO_SECRET_KEY", + "valueFrom": { + "secretKeyRef": { + "name": "onepanel", + "key": "artifactRepositoryS3SecretKey" + } + } + }, + { + "name": "GOOGLE_APPLICATION_CREDENTIALS", + "value": "/etc/gcs/credentials.json" + } + ] + } + ], + "volumes": [ + { + "name": "gcs-credentials", + "projected": { + "sources": [ + { + "secret": { + "name": "artifact-repository-gcs-credentials" + } + } + ] + } + } + ] + } + } + } +} \ No newline at end of file diff --git a/manifest/gcs/service.json b/manifest/gcs/service.json new file mode 100644 index 0000000..3f286f8 --- /dev/null +++ b/manifest/gcs/service.json @@ -0,0 +1,19 @@ +{ + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "minio-gateway", + "namespace": "$(applicationDefaultNamespace)" + }, + "spec": { + "selector": { + "app": "minio-gateway" + }, + "ports": [ + { + "port": 9000, + "targetPort": 9000 + } + ] + } +} \ No newline at end of file diff --git a/manifest/kfserving/secret.json b/manifest/kfserving/secret.json new file mode 100644 index 0000000..efcea4c --- /dev/null +++ b/manifest/kfserving/secret.json @@ -0,0 +1,19 @@ +{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "name": "kfserving-storage", + "namespace": "$(applicationDefaultNamespace)", + "annotations": { + "serving.kubeflow.org/s3-endpoint": "$(artifactRepositoryS3Endpoint)", + "serving.kubeflow.org/s3-usehttps": "0", + "serving.kubeflow.org/s3-region": "$(artifactRepositoryS3Region)", + "serving.kubeflow.org/s3-useanoncredential": "false" + } + }, + "type": "Opaque", + "data": { + "AWS_ACCESS_KEY_ID": "$(artifactRepositoryS3AccessKey)", + "AWS_SECRET_ACCESS_KEY": "$(artifactRepositoryS3SecretKey)" + } +} \ No newline at end of file diff --git a/manifest/networkpolicy-onepanel-defaultnamespace.json b/manifest/networkpolicy-onepanel-defaultnamespace.json new file mode 100644 index 0000000..c105836 --- /dev/null +++ b/manifest/networkpolicy-onepanel-defaultnamespace.json @@ -0,0 +1,41 @@ +{ + "apiVersion": "networking.k8s.io/v1", + "kind": "NetworkPolicy", + "metadata": { + "labels": { + "app": "onepanel" + }, + "name": "onepanel", + "namespace": "$(applicationDefaultNamespace)" + }, + "spec": { + "egress": [ + { + "to": [ + { + "ipBlock": { + "cidr": "0.0.0.0/0", + "except": [ + "169.254.169.254/32" + ] + } + } + ] + } + ], + "ingress": [ + { + "from": [ + { + "namespaceSelector": { + "matchLabels": { + "app.kubernetes.io/part-of": "onepanel" + } + } + } + ] + } + ], + "podSelector": {} + } +} \ No newline at end of file diff --git a/manifest/role-onepanel-defaultnamespace.json b/manifest/role-onepanel-defaultnamespace.json new file mode 100644 index 0000000..2ddd11f --- /dev/null +++ b/manifest/role-onepanel-defaultnamespace.json @@ -0,0 +1,167 @@ +{ + "apiVersion": "rbac.authorization.k8s.io/v1beta1", + "kind": "Role", + "metadata": { + "labels": { + "app": "onepanel" + }, + "name": "onepanel", + "namespace": "$(applicationDefaultNamespace)" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods", + "pods/log" + ], + "verbs": [ + "get", + "watch", + "patch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims", + "services", + "secrets" + ], + "verbs": [ + "get", + "watch", + "list", + "create", + "update", + "patch", + "delete" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "statefulsets", + "deployments" + ], + "verbs": [ + "get", + "watch", + "list", + "create", + "update", + "patch", + "delete" + ] + }, + { + "apiGroups": [ + "networking.istio.io" + ], + "resources": [ + "virtualservices" + ], + "verbs": [ + "get", + "watch", + "list", + "create", + "update", + "patch", + "delete" + ] + }, + { + "apiGroups": [ + "argoproj.io" + ], + "resources": [ + "workflows", + "workflowtemplates", + "cronworkflows" + ], + "verbs": [ + "get", + "watch", + "list", + "create", + "update", + "patch", + "delete" + ] + }, + { + "apiGroups": [ + "onepanel.io" + ], + "resources": [ + "workspaces" + ], + "verbs": [ + "get", + "watch", + "list", + "create", + "update", + "patch", + "delete" + ] + }, + { + "apiGroups": [ + "onepanel.io" + ], + "resources": [ + "services" + ], + "verbs": [ + "get", + "watch", + "list", + "create", + "update", + "patch", + "delete" + ] + }, + { + "apiGroups": [ + "serving.kubeflow.org" + ], + "resources": [ + "inferenceservices" + ], + "verbs": [ + "get", + "watch", + "list", + "create", + "update", + "patch", + "delete" + ] + }, + { + "apiGroups": [""], + "resources": ["onepanel-service"], + "verbs": ["get", "watch", "list"] + } + ] +} \ No newline at end of file diff --git a/manifest/rolebinding-onepanel-defaultnamespace.json b/manifest/rolebinding-onepanel-defaultnamespace.json new file mode 100644 index 0000000..55e11c1 --- /dev/null +++ b/manifest/rolebinding-onepanel-defaultnamespace.json @@ -0,0 +1,28 @@ +{ + "apiVersion": "rbac.authorization.k8s.io/v1beta1", + "kind": "RoleBinding", + "metadata": { + "labels": { + "app": "onepanel" + }, + "name": "onepanel", + "namespace": "$(applicationDefaultNamespace)" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Role", + "name": "onepanel" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "default", + "namespace": "$(applicationDefaultNamespace)" + }, + { + "kind": "ServiceAccount", + "name": "$(applicationDefaultNamespace)", + "namespace": "$(applicationDefaultNamespace)" + } + ] +} \ No newline at end of file diff --git a/manifest/secret-onepanel-default-env-defaultnamespace.json b/manifest/secret-onepanel-default-env-defaultnamespace.json new file mode 100644 index 0000000..81bfd45 --- /dev/null +++ b/manifest/secret-onepanel-default-env-defaultnamespace.json @@ -0,0 +1,9 @@ +{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "name": "onepanel-default-env", + "namespace": "$(applicationDefaultNamespace)" + }, + "type": "Opaque" +} \ No newline at end of file diff --git a/manifest/secret-onepanel-defaultnamespace.json b/manifest/secret-onepanel-defaultnamespace.json new file mode 100644 index 0000000..7826bd4 --- /dev/null +++ b/manifest/secret-onepanel-defaultnamespace.json @@ -0,0 +1,21 @@ +{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "name": "onepanel", + "namespace": "$(applicationDefaultNamespace)", + "labels": { + "app.kubernetes.io/component": "onepanel", + "app.kubernetes.io/instance": "onepanel-v0.5.0", + "app.kubernetes.io/managed-by": "onepanel-cli", + "app.kubernetes.io/name": "onepanel", + "app.kubernetes.io/part-of": "onepanel", + "app.kubernetes.io/version": "v0.5.0" + } + }, + "data": { + "artifactRepositoryS3AccessKey": "$(artifactRepositoryS3AccessKey)", + "artifactRepositoryS3SecretKey": "$(artifactRepositoryS3SecretKey)" + }, + "type": "Opaque" +} \ No newline at end of file diff --git a/manifest/service-account.json b/manifest/service-account.json new file mode 100644 index 0000000..cf6907f --- /dev/null +++ b/manifest/service-account.json @@ -0,0 +1,8 @@ +{ + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "$(applicationDefaultNamespace)", + "namespace": "$(applicationDefaultNamespace)" + } +} \ No newline at end of file diff --git a/manifest/service-minio-onepanel.json b/manifest/service-minio-onepanel.json new file mode 100644 index 0000000..403bc56 --- /dev/null +++ b/manifest/service-minio-onepanel.json @@ -0,0 +1,37 @@ +{ + "apiVersion": "networking.istio.io/v1alpha3", + "kind": "VirtualService", + "metadata": { + "name": "minio", + "namespace": "$(applicationDefaultNamespace)" + }, + "spec": { + "hosts": [ + "sys-storage-$(applicationDefaultNamespace).$(applicationDomain)" + ], + "gateways": [ + "istio-system/ingressgateway" + ], + "http": [ + { + "match": [ + { + "uri": { + "prefix": "/" + } + } + ], + "route": [ + { + "destination": { + "port": { + "number": 9000 + }, + "host": "minio-gateway.$(applicationDefaultNamespace).svc.cluster.local" + } + } + ] + } + ] + } +} \ No newline at end of file