This repository has been archived by the owner on Dec 11, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 48
/
openshift.yaml
612 lines (612 loc) · 20.9 KB
/
openshift.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent-operator
namespace: dynatrace
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent
namespace: dynatrace
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
---
apiVersion: v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "dynatrace-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
name: dynatrace-oneagent-privileged
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: true
allowedCapabilities:
- "*"
allowedFlexVolumes: null
defaultAddCapabilities: null
fsGroup:
type: RunAsAny
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities: null
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:dynatrace:dynatrace-oneagent
volumes:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dynatrace-oneagent-operator
namespace: dynatrace
labels:
dynatrace: operator
operator: oneagent
rules:
- apiGroups:
- dynatrace.com
resources:
- oneagents
verbs:
- get
- list
- watch
- update
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- "" # "" indicates the core API group
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- "" # "" indicates the core API group
resources:
- pods
verbs:
- get
- list
- watch
- delete
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- "" # "" indicates the core API group
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- dynatrace.com
resources:
- oneagents/finalizers
- oneagents/status
verbs:
- update
- apiGroups:
- networking.istio.io
resources:
- serviceentries
- virtualservices
verbs:
- get
- list
- create
- update
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: dynatrace-oneagent-operator
namespace: dynatrace
labels:
dynatrace: operator
operator: oneagent
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-operator
roleRef:
kind: Role
name: dynatrace-oneagent-operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: oneagents.dynatrace.com
spec:
additionalPrinterColumns:
- JSONPath: .spec.apiUrl
name: ApiUrl
type: string
- JSONPath: .spec.tokens
name: Tokens
type: string
- JSONPath: .status.version
name: Version
type: string
- JSONPath: .status.phase
name: Phase
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: dynatrace.com
names:
kind: OneAgent
listKind: OneAgentList
plural: oneagents
singular: oneagent
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Dyantrace OneAgent for full-stack monitoring
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: OneAgentSpec defines the desired state of OneAgent
properties:
apiUrl:
description: Location of the Dynatrace API to connect to, including
your specific environment ID
type: string
args:
description: 'Optional: Arguments to the OneAgent installer'
items:
type: string
type: array
disableAgentUpdate:
description: Disable automatic restarts of OneAgent pods in case a new
version is available
type: boolean
dnsPolicy:
description: 'Optional: Sets DNS Policy for the OneAgent pods'
type: string
enableIstio:
description: If enabled, Istio on the cluster will be configured automatically
to allow access to the Dynatrace environment
type: boolean
env:
description: 'Optional: List of environment variables to set for the
installer'
items:
description: EnvVar represents an environment variable present in
a Container.
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded using
the previous defined environment variables in the container
and any service environment variables. If a variable cannot
be resolved, the reference in the input string will be unchanged.
The $(VAR_NAME) syntax can be escaped with a double $$, ie:
$$(VAR_NAME). Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value. Cannot
be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, metadata.labels, metadata.annotations,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.'
properties:
apiVersion:
description: Version of the schema the FieldPath is written
in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified
API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only resources
limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage,
requests.cpu, requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes, optional
for env vars'
type: string
divisor:
description: Specifies the output format of the exposed
resources, defaults to "1"
type: string
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
image:
description: 'Optional: the Dynatrace installer container image Defaults
to docker.io/dynatrace/oneagent:latest for Kubernetes and to registry.connect.redhat.com/dynatrace/oneagent
for OpenShift'
type: string
labels:
additionalProperties:
type: string
description: 'Optional: Adds additional labels for the OneAgent pods'
type: object
nodeSelector:
additionalProperties:
type: string
description: Node selector to control the selection of nodes (optional)
type: object
priorityClassName:
description: 'Optional: If specified, indicates the pod''s priority.
Name must be defined by creating a PriorityClass object with that
name. If not specified the setting will be removed from the DaemonSet.'
type: string
proxy:
description: 'Optional: Set custom proxy settings either directly or
from a secret with the field ''proxy'''
properties:
value:
type: string
valueFrom:
type: string
type: object
resources:
description: 'Optional: define resources requests and limits for single
pods'
properties:
limits:
additionalProperties:
type: string
description: 'Limits describes the maximum amount of compute resources
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
type: string
description: 'Requests describes the minimum amount of compute resources
required. If Requests is omitted for a container, it defaults
to Limits if that is explicitly specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
serviceAccountName:
description: 'Optional: set custom Service Account Name used with OneAgent
pods'
type: string
skipCertCheck:
description: Disable certificate validation checks for installer download
and API communication
type: boolean
tokens:
description: Credentials for the OneAgent to connect back to Dynatrace.
type: string
tolerations:
description: 'Optional: set tolerations for the OneAgent pods'
items:
description: The pod this Toleration is attached to tolerates any
taint that matches the triple <key,value,effect> using the matching
operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match. Empty
means match all taint effects. When specified, allowed values
are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty, operator
must be Exists; this combination means to match all values and
all keys.
type: string
operator:
description: Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal. Exists
is equivalent to wildcard for value, so that a pod can tolerate
all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time the
toleration (which must be of effect NoExecute, otherwise this
field is ignored) tolerates the taint. By default, it is not
set, which means tolerate the taint forever (do not evict).
Zero and negative values will be treated as 0 (evict immediately)
by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise
just a regular string.
type: string
type: object
type: array
trustedCAs:
description: 'Optional: Adds custom RootCAs from a configmap'
type: string
waitReadySeconds:
description: 'Optional: Defines the time to wait until OneAgent pod
is ready after update - default 300 sec'
minimum: 0
type: integer
required:
- apiUrl
type: object
status:
description: OneAgentStatus defines the observed state of OneAgent
properties:
conditions:
items:
properties:
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
required:
- message
- reason
- status
- type
type: object
type: array
instances:
additionalProperties:
properties:
ipAddress:
type: string
podName:
type: string
version:
type: string
type: object
type: object
lastAPITokenProbeTimestamp:
description: LastAPITokenProbeTimestamp tracks when the last request
for the API token validity was sent.
format: date-time
type: string
lastPaaSTokenProbeTimestamp:
description: LastPaaSTokenProbeTimestamp tracks when the last request
for the PaaS token validity was sent.
format: date-time
type: string
phase:
description: Defines the current state (Running, Updating, Error, ...)
type: string
updatedTimestamp:
description: The timestamp when the instance was last updated
format: date-time
type: string
version:
description: Dynatrace version being used.
type: string
type: object
required:
- spec
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dynatrace-oneagent-operator
namespace: dynatrace
labels:
dynatrace: operator
operator: oneagent
spec:
replicas: 1
revisionHistoryLimit: 1
selector:
matchLabels:
name: dynatrace-oneagent-operator
strategy:
type: Recreate
template:
metadata:
labels:
name: dynatrace-oneagent-operator
dynatrace: operator
operator: oneagent
spec:
containers:
- name: dynatrace-oneagent-operator
image: registry.connect.redhat.com/dynatrace/dynatrace-oneagent-operator:v0.7.1
imagePullPolicy: Always
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: RELATED_IMAGE_DYNATRACE_ONEAGENT
value: registry.connect.redhat.com/dynatrace/oneagent
ports:
- containerPort: 60000
name: metrics
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 100m
memory: 256Mi
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- key: beta.kubernetes.io/os
operator: In
values:
- linux
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- key: kubernetes.io/os
operator: In
values:
- linux
serviceAccountName: dynatrace-oneagent-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-oneagent-operator
labels:
dynatrace: operator
operator: oneagent
rules:
- apiGroups:
- "" # "" indicates the core API group
resources:
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-oneagent-operator
labels:
dynatrace: operator
operator: oneagent
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-operator
namespace: dynatrace
roleRef:
kind: ClusterRole
name: dynatrace-oneagent-operator
apiGroup: rbac.authorization.k8s.io