From d49917b3f7ca38d90bf9eb2c71e9fa4f91b0bbe7 Mon Sep 17 00:00:00 2001
From: ubombar
Date: Mon, 17 Apr 2023 17:10:33 +0200
Subject: [PATCH] Rollout new release multi-tenancy
---
 build/yamls/kubernetes/multi-tenancy.yaml | 200 ++++++++++++++++++++--
 1 file changed, 186 insertions(+), 14 deletions(-)
diff --git a/build/yamls/kubernetes/multi-tenancy.yaml b/build/yamls/kubernetes/multi-tenancy.yaml
index c6bc9461..753a3328 100644
--- a/build/yamls/kubernetes/multi-tenancy.yaml
+++ b/build/yamls/kubernetes/multi-tenancy.yaml
@@ -11,6 +11,107 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ edge-net.io/generated: "true"
+ name: edgenet:tenant-owner
+rules:
+- apiGroups:
+ - core.edgenet.io
+ resources:
+ - subnamespaces
+ verbs:
+ - '*'
+- apiGroups:
+ - core.edgenet.io
+ resources:
+ - subnamespaces/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps.edgenet.io
+ resources:
+ - selectivedeployments
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - persistentvolumeclaims
+ - pods
+ - pods/exec
+ - pods/log
+ - pods/attach
+ - pods/portforward
+ - replicationcontrollers
+ - services
+ - secrets
+ - serviceaccounts
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - '*'
+- apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - '*'
+- apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - ingresses
+ - networkpolicies
+ - replicasets
+ - replicationcontrollers
+ verbs:
+ - '*'
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - networkpolicies
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - events
+ - controllerrevisions
+ verbs:
+ - get
+ - list
+ - watch
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -128,6 +229,11 @@ spec:
 type: string
 message:
 type: string
+ child:
+ type: string
+ nullable: true
+ failed:
+ type: integer
 scope: Namespaced
 names:
 plural: subnamespaces
@@ -235,6 +341,8 @@ spec:
 type: string
 message:
 type: string
+ failed:
+ type: integer
 scope: Cluster
 names:
 plural: tenants
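Review bot: In the new `edgenet:tenant-owner` ClusterRole (hunk `@@ -11,6 +11,107 @@`), the rule for `roles` and `rolebindings` uses the verb `'*'`, and that wildcard also matches the `escalate` and `bind` verbs, which switch off RBAC's built-in escalation check for whoever holds this role. A tenant owner could then create a Role carrying permissions they do not hold themselves, or bind any existing ClusterRole inside their namespace. Listing the verbs keeps the check in force: `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`. The same wildcard on `secrets`, `serviceaccounts` and `pods/exec` deserves a short comment in the manifest stating that it is intended. How this role is bound (RoleBinding or ClusterRoleBinding) is not visible in the patch.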
@@ -354,6 +462,8 @@ spec:
 notified:
 type: boolean
 default: false
+ failed:
+ type: integer
 scope: Cluster
 names:
 plural: tenantrequests
@@ -403,6 +513,8 @@ spec:
 type: string
 message:
 type: string
+ failed:
+ type: integer
 scope: Cluster
 names:
 plural: tenantresourcequotas
@@ -489,6 +601,8 @@ spec:
 notified:
 type: boolean
 default: false
+ failed:
+ type: integer
 scope: Namespaced
 names:
 plural: rolerequests
@@ -564,6 +678,8 @@ spec:
 notified:
 type: boolean
 default: false
+ failed:
+ type: integer
 scope: Cluster
 names:
 plural: clusterrolerequests
@@ -645,6 +761,8 @@ spec:
 type: string
 message:
 type: string
+ failed:
+ type: integer
 scope: Namespaced
 names:
 plural: sliceclaims
@@ -724,6 +842,8 @@ spec:
 type: string
 format: dateTime
 nullable: true
+ failed:
+ type: integer
 scope: Cluster
 names:
 plural: slices
@@ -837,9 +957,16 @@ spec:
 containers:
 - command:
 - ./subnamespace
- image: edgenetio/subnamespace:main
+ image: edgenetio/subnamespace:v1.0.0-alpha.5
 imagePullPolicy: Always
 name: subnamespace
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
 priorityClassName: system-cluster-critical
 nodeSelector:
 node-role.kubernetes.io/control-plane: ""
@@ -979,9 +1106,16 @@ spec:
 containers:
 - command:
 - ./tenant
- image: edgenetio/tenant:main
+ image: edgenetio/tenant:v1.0.0-alpha.5
 imagePullPolicy: Always
 name: tenant
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
 priorityClassName: system-cluster-critical
 nodeSelector:
 node-role.kubernetes.io/control-plane: ""
@@ -1121,9 +1255,16 @@ spec:
 containers:
 - command:
 - ./tenantrequest
- image: edgenetio/tenantrequest:main
+ image: edgenetio/tenantrequest:v1.0.0-alpha.5
 imagePullPolicy: Always
 name: tenantrequest
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
 priorityClassName: system-cluster-critical
 nodeSelector:
 node-role.kubernetes.io/control-plane: ""
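Review bot: The new `image: edgenetio/subnamespace:v1.0.0-alpha.5` line (hunk `@@ -837,9 +957,16 @@`) pins a tag rather than image content, and with `imagePullPolicy: Always` a re-pushed tag is pulled on the next pod start. These pods run with `priorityClassName: system-cluster-critical` on control-plane nodes, so pinning by digest is the safer form, e.g. `image: edgenetio/subnamespace:v1.0.0-alpha.5@sha256:<digest-of-release-image>` (placeholder; take the digest from the release build). The same applies to the tenant, tenantrequest, tenantresourcequota, rolerequest, clusterrolerequest, sliceclaim, slice and admissioncontrol image lines in the later hunks.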
@@ -1215,9 +1356,16 @@ spec:
 containers:
 - command:
 - ./tenantresourcequota
- image: edgenetio/tenantresourcequota:main
+ image: edgenetio/tenantresourcequota:v1.0.0-alpha.5
 imagePullPolicy: Always
 name: tenantresourcequota
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
 priorityClassName: system-cluster-critical
 nodeSelector:
 node-role.kubernetes.io/control-plane: ""
@@ -1348,9 +1496,16 @@ spec:
 containers:
 - command:
 - ./rolerequest
- image: edgenetio/rolerequest:main
+ image: edgenetio/rolerequest:v1.0.0-alpha.5
 imagePullPolicy: Always
 name: rolerequest
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
 priorityClassName: system-cluster-critical
 nodeSelector:
 node-role.kubernetes.io/control-plane: ""
@@ -1481,9 +1636,16 @@ spec:
 containers:
 - command:
 - ./clusterrolerequest
- image: edgenetio/clusterrolerequest:main
+ image: edgenetio/clusterrolerequest:v1.0.0-alpha.5
 imagePullPolicy: Always
 name: clusterrolerequest
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
 priorityClassName: system-cluster-critical
 nodeSelector:
 node-role.kubernetes.io/control-plane: ""
@@ -1519,7 +1681,7 @@ rules:
 resources: ["sliceclaims", "sliceclaims/status", "slices", "slices/status"]
 verbs: ["*"]
 - apiGroups: ["core.edgenet.io"]
- resources: ["subnamespaces"]
+ resources: ["subnamespaces", "tenants"]
 verbs: ["get", "list", "watch", "update"]
 - apiGroups: ["core.edgenet.io"]
 resources: ["subnamespaces/status"]
@@ -1575,9 +1737,16 @@ spec:
 containers:
 - command:
 - ./sliceclaim
- image: edgenetio/sliceclaim:main
+ image: edgenetio/sliceclaim:v1.0.0-alpha.5
 imagePullPolicy: Always
 name: sliceclaim
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
 priorityClassName: system-cluster-critical
 nodeSelector:
 node-role.kubernetes.io/control-plane: ""
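Review bot: Adding `tenants` to the existing rule in hunk `@@ -1519,7 +1681,7 @@` also grants `update` on the cluster-scoped Tenant objects, because that rule's verbs are `["get", "list", "watch", "update"]`. If the controller only reads tenants (not visible from the patch), a separate read-only rule is the narrower grant: `- apiGroups: ["core.edgenet.io"]`, `resources: ["tenants"]`, `verbs: ["get", "list", "watch"]`. The rules list starts above the hunk, so the role it belongs to is not shown; judging by the neighbouring `sliceclaims` rule and the deployment hunk that follows, it appears to be the sliceclaim controller's.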
@@ -1591,10 +1760,6 @@ spec:
 key: node-role.kubernetes.io/control-plane
 - effect: NoSchedule
 key: node.kubernetes.io/unschedulable
- volumes:
- - name: configs
- secret:
- secretName: configs-secret
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -1673,9 +1838,16 @@ spec:
 containers:
 - command:
 - ./slice
- image: edgenetio/slice:main
+ image: edgenetio/slice:v1.0.0-alpha.5
 imagePullPolicy: Always
 name: slice
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
 priorityClassName: system-cluster-critical
 nodeSelector:
 node-role.kubernetes.io/control-plane: ""
@@ -1880,7 +2052,7 @@ spec:
 spec:
 containers:
 - name: admission-control-webhook
- image: edgenetio/admissioncontrol:main
+ image: edgenetio/admissioncontrol:v1.0.0-alpha.5
 imagePullPolicy: Always
 ports:
 - containerPort: 443