diff --git a/charts/litmus-agent/Chart.yaml b/charts/litmus-agent/Chart.yaml index 74925e52..dc4f63d7 100644 --- a/charts/litmus-agent/Chart.yaml +++ b/charts/litmus-agent/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "3.6.0" +appVersion: "3.7.0" description: A Helm chart to install litmus agent name: litmus-agent -version: 3.6.1 +version: 3.7.0 kubeVersion: ">=1.16.0-0" home: https://litmuschaos.io sources: @@ -21,16 +21,16 @@ maintainers: icon: https://raw.githubusercontent.com/litmuschaos/icons/master/litmus.png dependencies: - name: chaos-operator - version: 3.6.1 + version: 3.7.0 condition: chaos-operator.enabled - name: chaos-exporter - version: 3.6.1 + version: 3.7.0 condition: chaos-exporter.enabled - name: event-tracker - version: 3.6.1 + version: 3.7.0 condition: event-tracker.enabled - name: subscriber - version: 3.6.1 + version: 3.7.0 condition: subscriber.enabled - name: workflow-controller version: 0.2.1 diff --git a/charts/litmus-agent/README.md b/charts/litmus-agent/README.md index 7620d2f8..911c3158 100644 --- a/charts/litmus-agent/README.md +++ b/charts/litmus-agent/README.md @@ -1,6 +1,6 @@ # litmus-agent -![Version: 3.6.1](https://img.shields.io/badge/Version-3.6.1-informational?style=flat-square) ![AppVersion: 3.6.0](https://img.shields.io/badge/AppVersion-3.6.0-informational?style=flat-square) +![Version: 3.7.0](https://img.shields.io/badge/Version-3.7.0-informational?style=flat-square) ![AppVersion: 3.7.0](https://img.shields.io/badge/AppVersion-3.7.0-informational?style=flat-square) A Helm chart to install litmus agent @@ -24,10 +24,10 @@ Kubernetes: `>=1.16.0-0` | Repository | Name | Version | |------------|------|---------| -| | chaos-exporter | 3.6.1 | -| | chaos-operator | 3.6.1 | -| | event-tracker | 3.6.1 | -| | subscriber | 3.6.1 | +| | chaos-exporter | 3.7.0 | +| | chaos-operator | 3.7.0 | +| | event-tracker | 3.7.0 | +| | subscriber | 3.7.0 | | | workflow-controller | 0.2.1 | ## Installing the Chart diff --git a/charts/litmus-agent/charts/chaos-exporter/Chart.yaml b/charts/litmus-agent/charts/chaos-exporter/Chart.yaml index 83c642b5..ea667e5f 100644 --- a/charts/litmus-agent/charts/chaos-exporter/Chart.yaml +++ b/charts/litmus-agent/charts/chaos-exporter/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "3.6.0" +appVersion: "3.7.0" description: A Helm chart to install chaos-exporter name: chaos-exporter -version: 3.6.1 +version: 3.7.0 kubeVersion: ">=1.16.0-0" home: https://litmuschaos.io sources: diff --git a/charts/litmus-agent/charts/chaos-exporter/README.md b/charts/litmus-agent/charts/chaos-exporter/README.md index 4d80a66d..0070749b 100644 --- a/charts/litmus-agent/charts/chaos-exporter/README.md +++ b/charts/litmus-agent/charts/chaos-exporter/README.md @@ -1,6 +1,6 @@ # chaos-exporter -![Version: 3.6.1](https://img.shields.io/badge/Version-3.6.1-informational?style=flat-square) ![AppVersion: 3.6.0](https://img.shields.io/badge/AppVersion-3.6.0-informational?style=flat-square) +![Version: 3.7.0](https://img.shields.io/badge/Version-3.7.0-informational?style=flat-square) ![AppVersion: 3.7.0](https://img.shields.io/badge/AppVersion-3.7.0-informational?style=flat-square) A Helm chart to install chaos-exporter diff --git a/charts/litmus-agent/charts/chaos-operator/Chart.yaml b/charts/litmus-agent/charts/chaos-operator/Chart.yaml index c5593e0c..9678a9b6 100644 --- a/charts/litmus-agent/charts/chaos-operator/Chart.yaml +++ b/charts/litmus-agent/charts/chaos-operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "3.6.0" +appVersion: "3.7.0" description: A Helm chart to install chaos-operator name: chaos-operator -version: 3.6.1 +version: 3.7.0 kubeVersion: ">=1.16.0-0" home: https://litmuschaos.io sources: diff --git a/charts/litmus-agent/charts/chaos-operator/README.md b/charts/litmus-agent/charts/chaos-operator/README.md index f628535d..ec621f97 100644 --- a/charts/litmus-agent/charts/chaos-operator/README.md +++ b/charts/litmus-agent/charts/chaos-operator/README.md @@ -1,6 +1,6 @@ # chaos-operator -![Version: 3.6.1](https://img.shields.io/badge/Version-3.6.1-informational?style=flat-square) ![AppVersion: 3.6.0](https://img.shields.io/badge/AppVersion-3.6.0-informational?style=flat-square) +![Version: 3.7.0](https://img.shields.io/badge/Version-3.7.0-informational?style=flat-square) ![AppVersion: 3.7.0](https://img.shields.io/badge/AppVersion-3.7.0-informational?style=flat-square) A Helm chart to install chaos-operator diff --git a/charts/litmus-agent/charts/event-tracker/Chart.yaml b/charts/litmus-agent/charts/event-tracker/Chart.yaml index 2ed2dd61..0643642f 100644 --- a/charts/litmus-agent/charts/event-tracker/Chart.yaml +++ b/charts/litmus-agent/charts/event-tracker/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "3.6.0" +appVersion: "3.7.0" description: A Helm chart to install event-tracker name: event-tracker -version: 3.6.1 +version: 3.7.0 kubeVersion: ">=1.16.0-0" home: https://litmuschaos.io sources: diff --git a/charts/litmus-agent/charts/event-tracker/README.md b/charts/litmus-agent/charts/event-tracker/README.md index 5353fe16..55e97863 100644 --- a/charts/litmus-agent/charts/event-tracker/README.md +++ b/charts/litmus-agent/charts/event-tracker/README.md @@ -1,6 +1,6 @@ # event-tracker -![Version: 3.6.1](https://img.shields.io/badge/Version-3.6.1-informational?style=flat-square) ![AppVersion: 3.6.0](https://img.shields.io/badge/AppVersion-3.6.0-informational?style=flat-square) +![Version: 3.7.0](https://img.shields.io/badge/Version-3.7.0-informational?style=flat-square) ![AppVersion: 3.7.0](https://img.shields.io/badge/AppVersion-3.7.0-informational?style=flat-square) A Helm chart to install event-tracker diff --git a/charts/litmus-agent/charts/subscriber/Chart.yaml b/charts/litmus-agent/charts/subscriber/Chart.yaml index 5d86c436..016df3c8 100644 --- a/charts/litmus-agent/charts/subscriber/Chart.yaml +++ b/charts/litmus-agent/charts/subscriber/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "3.6.0" +appVersion: "3.7.0" description: A Helm chart to install subscriber name: subscriber -version: 3.6.1 +version: 3.7.0 kubeVersion: ">=1.16.0-0" home: https://litmuschaos.io sources: diff --git a/charts/litmus-agent/charts/subscriber/README.md b/charts/litmus-agent/charts/subscriber/README.md index cb618c9a..bfe98e64 100644 --- a/charts/litmus-agent/charts/subscriber/README.md +++ b/charts/litmus-agent/charts/subscriber/README.md @@ -1,6 +1,6 @@ # subscriber -![Version: 3.6.1](https://img.shields.io/badge/Version-3.6.1-informational?style=flat-square) ![AppVersion: 3.6.0](https://img.shields.io/badge/AppVersion-3.6.0-informational?style=flat-square) +![Version: 3.7.0](https://img.shields.io/badge/Version-3.7.0-informational?style=flat-square) ![AppVersion: 3.7.0](https://img.shields.io/badge/AppVersion-3.7.0-informational?style=flat-square) A Helm chart to install subscriber diff --git a/charts/litmus/Chart.yaml b/charts/litmus/Chart.yaml index 6fa749a2..80998fff 100644 --- a/charts/litmus/Chart.yaml +++ b/charts/litmus/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "3.6.0" +appVersion: "3.7.0" description: A Helm chart to install ChaosCenter name: litmus -version: 3.6.0 +version: 3.7.0 kubeVersion: ">=1.16.0-0" home: https://litmuschaos.io sources: diff --git a/charts/litmus/README.md b/charts/litmus/README.md index 0588526c..63ec4b0c 100644 --- a/charts/litmus/README.md +++ b/charts/litmus/README.md @@ -1,6 +1,6 @@ # litmus -![Version: 3.6.0](https://img.shields.io/badge/Version-3.6.0-informational?style=flat-square) ![AppVersion: 3.6.0](https://img.shields.io/badge/AppVersion-3.6.0-informational?style=flat-square) +![Version: 3.7.0](https://img.shields.io/badge/Version-3.7.0-informational?style=flat-square) ![AppVersion: 3.7.0](https://img.shields.io/badge/AppVersion-3.7.0-informational?style=flat-square) A Helm chart to install ChaosCenter @@ -57,7 +57,7 @@ We separated service configuration from `portal.server.service` to `portal.serve | adminConfig.DB_SERVER | string | `""` | | | adminConfig.JWTSecret | string | `"litmus-portal@123"` | | | adminConfig.SKIP_SSL_VERIFY | string | `"false"` | | -| adminConfig.VERSION | string | `"3.6.0"` | | +| adminConfig.VERSION | string | `"3.7.0"` | | | customLabels | object | `{}` | Additional labels | | existingSecret | string | `""` | Use existing secret (e.g., External Secrets) | | image.imagePullSecrets | list | `[]` | | @@ -91,7 +91,7 @@ We separated service configuration from `portal.server.service` to `portal.serve | portal.frontend.customLabels | object | `{}` | | | portal.frontend.image.pullPolicy | string | `"Always"` | | | portal.frontend.image.repository | string | `"litmusportal-frontend"` | | -| portal.frontend.image.tag | string | `"3.6.0"` | | +| portal.frontend.image.tag | string | `"3.7.0"` | | | portal.frontend.livenessProbe.failureThreshold | int | `5` | | | portal.frontend.livenessProbe.initialDelaySeconds | int | `30` | | | portal.frontend.livenessProbe.periodSeconds | int | `10` | | @@ -129,7 +129,7 @@ We separated service configuration from `portal.server.service` to `portal.serve | portal.server.authServer.env.LITMUS_GQL_GRPC_PORT | string | `":8000"` | | | portal.server.authServer.image.pullPolicy | string | `"Always"` | | | portal.server.authServer.image.repository | string | `"litmusportal-auth-server"` | | -| portal.server.authServer.image.tag | string | `"3.6.0"` | | +| portal.server.authServer.image.tag | string | `"3.7.0"` | | | portal.server.authServer.ports[0].containerPort | int | `3030` | | | portal.server.authServer.ports[0].name | string | `"auth-server"` | | | portal.server.authServer.ports[1].containerPort | int | `3000` | | @@ -156,24 +156,24 @@ We separated service configuration from `portal.server.service` to `portal.serve | portal.server.customLabels | object | `{}` | | | portal.server.graphqlServer.genericEnv.CHAOS_CENTER_UI_ENDPOINT | string | `""` | | | portal.server.graphqlServer.genericEnv.CONTAINER_RUNTIME_EXECUTOR | string | `"k8sapi"` | | -| portal.server.graphqlServer.genericEnv.DEFAULT_HUB_BRANCH_NAME | string | `"v3.6.x"` | | -| portal.server.graphqlServer.genericEnv.INFRA_COMPATIBLE_VERSIONS | string | `"[\"3.6.0\"]"` | | +| portal.server.graphqlServer.genericEnv.DEFAULT_HUB_BRANCH_NAME | string | `"v3.7.x"` | | +| portal.server.graphqlServer.genericEnv.INFRA_COMPATIBLE_VERSIONS | string | `"[\"3.7.0\"]"` | | | portal.server.graphqlServer.genericEnv.INFRA_DEPLOYMENTS | string | `"[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"` | | | portal.server.graphqlServer.genericEnv.LITMUS_AUTH_GRPC_PORT | string | `":3030"` | | | portal.server.graphqlServer.genericEnv.REMOTE_HUB_MAX_SIZE | string | `"5000000"` | | | portal.server.graphqlServer.genericEnv.TLS_CERT_64 | string | `""` | | | portal.server.graphqlServer.genericEnv.TLS_SECRET_NAME | string | `""` | | -| portal.server.graphqlServer.genericEnv.WORKFLOW_HELPER_IMAGE_VERSION | string | `"3.6.0"` | | +| portal.server.graphqlServer.genericEnv.WORKFLOW_HELPER_IMAGE_VERSION | string | `"3.7.0"` | | | portal.server.graphqlServer.image.pullPolicy | string | `"Always"` | | | portal.server.graphqlServer.image.repository | string | `"litmusportal-server"` | | -| portal.server.graphqlServer.image.tag | string | `"3.6.0"` | | +| portal.server.graphqlServer.image.tag | string | `"3.7.0"` | | | portal.server.graphqlServer.imageEnv.ARGO_WORKFLOW_CONTROLLER_IMAGE | string | `"workflow-controller:v3.3.1"` | | | portal.server.graphqlServer.imageEnv.ARGO_WORKFLOW_EXECUTOR_IMAGE | string | `"argoexec:v3.3.1"` | | -| portal.server.graphqlServer.imageEnv.EVENT_TRACKER_IMAGE | string | `"litmusportal-event-tracker:3.6.0"` | | -| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_EXPORTER_IMAGE | string | `"chaos-exporter:3.6.0"` | | -| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_OPERATOR_IMAGE | string | `"chaos-operator:3.6.0"` | | -| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_RUNNER_IMAGE | string | `"chaos-runner:3.6.0"` | | -| portal.server.graphqlServer.imageEnv.SUBSCRIBER_IMAGE | string | `"litmusportal-subscriber:3.6.0"` | | +| portal.server.graphqlServer.imageEnv.EVENT_TRACKER_IMAGE | string | `"litmusportal-event-tracker:3.7.0"` | | +| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_EXPORTER_IMAGE | string | `"chaos-exporter:3.7.0"` | | +| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_OPERATOR_IMAGE | string | `"chaos-operator:3.7.0"` | | +| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_RUNNER_IMAGE | string | `"chaos-runner:3.7.0"` | | +| portal.server.graphqlServer.imageEnv.SUBSCRIBER_IMAGE | string | `"litmusportal-subscriber:3.7.0"` | | | portal.server.graphqlServer.livenessProbe.failureThreshold | int | `5` | | | portal.server.graphqlServer.livenessProbe.initialDelaySeconds | int | `30` | | | portal.server.graphqlServer.livenessProbe.periodSeconds | int | `10` | | @@ -230,7 +230,7 @@ We separated service configuration from `portal.server.service` to `portal.serve | upgradeAgent.affinity | object | `{}` | | | upgradeAgent.controlPlane.image.pullPolicy | string | `"Always"` | | | upgradeAgent.controlPlane.image.repository | string | `"upgrade-agent-cp"` | | -| upgradeAgent.controlPlane.image.tag | string | `"3.6.0"` | | +| upgradeAgent.controlPlane.image.tag | string | `"3.7.0"` | | | upgradeAgent.controlPlane.restartPolicy | string | `"OnFailure"` | | | upgradeAgent.enabled | bool | `true` | | | upgradeAgent.nodeSelector | object | `{}` | | diff --git a/charts/litmus/templates/server-cluster-role-binding.yaml b/charts/litmus/templates/server-cluster-role-binding.yaml index e43cb330..57b38c75 100644 --- a/charts/litmus/templates/server-cluster-role-binding.yaml +++ b/charts/litmus/templates/server-cluster-role-binding.yaml @@ -1,108 +1,4 @@ {{ if eq .Values.portalScope "cluster" }} -{{ if eq .Values.portal.server.graphqlServer.genericEnv.SELF_AGENT "true" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: argo-crb-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/component: argo-crb-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: argo-cr-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: litmus-cluster-scope-crb-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/name: litmus - # provide unique instance-id if applicable - # app.kubernetes.io/instance: litmus-abcxzy - app.kubernetes.io/version: v1.13.6 - app.kubernetes.io/component: operator-clusterrolebinding - app.kubernetes.io/part-of: litmus - app.kubernetes.io/managed-by: kubectl -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: litmus-cluster-scope-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: litmus-admin-crb-for-{{ include "litmus-portal.fullname" . }}-server - labels: - name: litmus-admin-crb-for-{{ include "litmus-portal.name" . }}-server - app.kubernetes.io/component: litmus-admin-crb-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: litmus-admin-cr-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: chaos-crb-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/component: chaos-crb-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chaos-cr-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: subscriber-crb-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/component: subscriber-crb-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: subscriber-cr-for-{{ include "litmus-portal.fullname" . }}-server - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: event-tracker-crb-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/component: event-tracker-crb-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: event-tracker-cr-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} ---- -{{ end }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/litmus/templates/server-cluster-role.yaml b/charts/litmus/templates/server-cluster-role.yaml index efcb4d29..d5a53960 100644 --- a/charts/litmus/templates/server-cluster-role.yaml +++ b/charts/litmus/templates/server-cluster-role.yaml @@ -1,268 +1,4 @@ {{ if eq .Values.portalScope "cluster" }} -{{ if eq .Values.portal.server.graphqlServer.genericEnv.SELF_AGENT "true" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: argo-cr-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/component: argo-cr-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: [pods, pods/exec] - verbs: [create, get, list, watch, update, patch, delete] -- apiGroups: [""] - resources: [configmaps] - verbs: [get, watch, list] -- apiGroups: [""] - resources: [persistentvolumeclaims] - verbs: [create, delete] -- apiGroups: [argoproj.io] - resources: [workflows, workflows/finalizers] - verbs: [get, list, watch, update, patch, delete, create] -- apiGroups: [argoproj.io] - resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, workflowtasksets] - verbs: [get, list, watch] -- apiGroups: [argoproj.io] - resources: [workflowtaskresults] - verbs: [list, watch, deletecollection] -- apiGroups: [""] - resources: [serviceaccounts] - verbs: [get, list] -- apiGroups: [argoproj.io] - resources: [cronworkflows, cronworkflows/finalizers] - verbs: [get, list, watch, update, patch, delete] -- apiGroups: [""] - resources: [events] - verbs: [create, patch] -- apiGroups: [policy] - resources: [poddisruptionbudgets] - verbs: [create, get, delete] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: litmus-cluster-scope-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/component: litmus-cluster-scope-for-{{ include "litmus-portal.fullname" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: [replicationcontrollers, secrets] - verbs: [get, list] - - apiGroups: [apps.openshift.io] - resources: [deploymentconfigs] - verbs: [get, list] - - apiGroups: [apps] - resources: [deployments, daemonsets, replicasets, statefulsets] - verbs: [get, list] - - apiGroups: [batch] - resources: [jobs] - verbs: [get, list, deletecollection] - - apiGroups: [argoproj.io] - resources: [rollouts] - verbs: [get, list] - - apiGroups: [""] - resources: [pods, configmaps, events, services] - verbs: [get, create, update, patch, delete, list, watch, deletecollection] - - apiGroups: [litmuschaos.io] - resources: [chaosengines, chaosexperiments, chaosresults] - verbs: [get, create, update, patch, delete, list, watch, deletecollection] - - apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [list, get] - - apiGroups: ["litmuschaos.io"] - resources: ["chaosengines/finalizers"] - verbs: ["update"] - - apiGroups: [ "coordination.k8s.io" ] - resources: [ "leases" ] - verbs: [ "get","create","list","update","delete" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: litmus-admin-cr-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/component: litmus-admin-cr-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: - # *************************************************************************************** - # Permissions needed for preparing and monitor the chaos resources by chaos-runner - # *************************************************************************************** - - # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment.. - ## .. by creating the chaos-runner - - # for creating and monitoring the chaos-runner pods -- apiGroups: [""] - resources: [pods,events] - verbs: [create, delete, get, list, patch, update, deletecollection] - - # for fetching configmaps and secrets to inject into chaos-runner pod (if specified) -- apiGroups: [""] - resources: [secrets, configmaps] - verbs: [get, list] - - # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner -- apiGroups: [""] - resources: [pods/log] - verbs: [get, list, watch] - - # for configuring and monitor the experiment job by chaos-runner pod -- apiGroups: [batch] - resources: [jobs] - verbs: [create, list, get, delete, deletecollection] - - # ******************************************************************** - # Permissions needed for creation and discovery of chaos experiments - # ******************************************************************** - - # The helper pods are created by experiment to perform the actual chaos injection ... - # ... for a period of chaos duration - - # for creating and deleting the helper or target app pod and events by experiment -- apiGroups: [""] - resources: [pods] - verbs: [create, delete, deletecollection] - - # for creating and monitoring the events for chaos operations -- apiGroups: [""] - resources: [events] - verbs: [create, delete, get, list, patch, update, deletecollection] - - # for monitoring the helper and target app pod -- apiGroups: [""] - resources: [pods] - verbs: [get, list, patch, update] - - # for creating and managing to execute comands inside target container -- apiGroups: [""] - resources: [pods/exec, pods/eviction, replicationcontrollers] - verbs: [get,list,create] - - # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment -- apiGroups: [""] - resources: [pods/log] - verbs: [get, list, watch] - - # for creating and monitoring liveness services or monitoring target app services during chaos injection -- apiGroups: [""] - resources: [services] - verbs: [create, delete, get, list, delete, deletecollection] - - # for checking the app parent resources as deployments or sts and are eligible chaos candidates -- apiGroups: [apps] - resources: [deployments, statefulsets] - verbs: [list, get, patch, update, create, delete] - - # for checking the app parent resources as replicasets and are eligible chaos candidates -- apiGroups: [apps] - resources: [replicasets] - verbs: [list, get] - - # for checking the app parent resources as deamonsets and are eligible chaos candidates -- apiGroups: [apps] - resources: [daemonsets] - verbs: [list, get, delete] - - # for checking (openshift) app parent resources if they are eligible chaos candidates -- apiGroups: [apps.openshift.io] - resources: [deploymentconfigs] - verbs: [list, get] - - # for checking (argo) app parent resources if they are eligible chaos candidates -- apiGroups: [argoproj.io] - resources: [rollouts] - verbs: [list, get] - - # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow -- apiGroups: [litmuschaos.io] - resources: [chaosengines, chaosexperiments, chaosresults] - verbs: [create, list, get, patch, update, delete] - - # for experiment to perform node status checks and other node level operations like taint, drain in the experiment. -- apiGroups: [""] - resources: [nodes] - verbs: [patch, get, list, update] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: chaos-cr-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/component: chaos-cr-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: - # for managing the pods created by workflow controller to implement individual steps in the workflow - - apiGroups: [""] - resources: [pods, services, namespaces] - verbs: [create, get, watch, patch, delete, list] - - # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow - - apiGroups: [""] - resources: [pods/log, secrets, configmaps] - verbs: [get, watch, create, delete, patch] - - # for creation & deletion of application in predefined workflows - - apiGroups: [apps] - resources: [deployments, statefulsets] - verbs: [get, watch, patch, create, delete] - - # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow - - apiGroups: [litmuschaos.io] - resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules] - verbs: [create, list, get, patch, delete, watch] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: subscriber-cr-for-{{ include "litmus-portal.fullname" . }}-server - namespace: litmus - labels: - app.kubernetes.io/component: subscriber-cr-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: [configmaps, secrets] - verbs: [get, create, delete, update] -- apiGroups: [""] - resources: [pods/log] - verbs: [get, list, watch] -- apiGroups: [""] - resources: [pods, namespaces, nodes, services] - verbs: [get, list, watch] -- apiGroups: [litmuschaos.io] - resources: [chaosengines, chaosschedules, chaosresults] - verbs: [get, list, create, delete, update, watch] -- apiGroups: [apps.openshift.io] - resources: [deploymentconfigs] - verbs: [get, list] -- apiGroups: [apps] - resources: [deployments, daemonsets, replicasets, statefulsets] - verbs: [get, list, delete, deletecollection] -- apiGroups: [argoproj.io] - resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts] - verbs: [get, list, create, delete, update, watch] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: event-tracker-cr-for-{{ include "litmus-portal.fullname" . }}-server - labels: - app.kubernetes.io/component: event-tracker-cr-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: -- apiGroups: [eventtracker.litmuschaos.io] - resources: [eventtrackerpolicies] - verbs: [create, delete, get, list, patch, update, watch] -- apiGroups: [eventtracker.litmuschaos.io] - resources: [eventtrackerpolicies/status] - verbs: [get, patch, update] -- apiGroups: ["", extensions, apps] - resources: [deployments, daemonsets, statefulsets, pods, configmaps, secrets] - verbs: [get, list, watch] ---- -{{ end }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -277,19 +13,7 @@ rules: - apiGroups: [""] resources: [services, nodes, pods/log] verbs: [get, watch] - - apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [create] - - apiGroups: [apps] - resources: [deployments] - verbs: [create] - - apiGroups: [""] - resources: [configmaps] + - apiGroups: [""] # To get TLS Cert from secrets incase of cluster scope + resources: [secrets] verbs: [get] - - apiGroups: [""] - resources: [serviceaccounts] - verbs: [create] - - apiGroups: [rbac.authorization.k8s.io] - resources: [rolebindings, roles, clusterrolebindings, clusterroles] - verbs: [create] {{ end }} diff --git a/charts/litmus/templates/server-role.yaml b/charts/litmus/templates/server-role.yaml index efa572c4..92a6406c 100644 --- a/charts/litmus/templates/server-role.yaml +++ b/charts/litmus/templates/server-role.yaml @@ -1,292 +1,4 @@ {{ if eq .Values.portalScope "namespace" }} -{{ if eq .Values.portal.server.graphqlServer.genericEnv.SELF_AGENT "true" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-role-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: argo-role-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: [pods, pods/exec] - verbs: [create, get, list, watch, update, patch, delete] -- apiGroups: [""] - resources: [configmaps] - verbs: [get, watch, list] -- apiGroups: [""] - resources: [persistentvolumeclaims] - verbs: [create, delete] -- apiGroups: [argoproj.io] - resources: [workflows, workflows/finalizers] - verbs: [get, list, watch, update, patch, delete, create] -- apiGroups: [argoproj.io] - resources: [workflowtemplates, workflowtemplates/finalizers,workflowtasksets] - verbs: [get, list, watch] -- apiGroups: [argoproj.io] - resources: [workflowtaskresults] - verbs: [list, watch, deletecollection] -- apiGroups: [""] - resources: [serviceaccounts] - verbs: [get, list] -- apiGroups: [""] - resources: [secrets] - verbs: [get] -- apiGroups: [argoproj.io] - resources: [cronworkflows, cronworkflows/finalizers] - verbs: [get, list, watch, update, patch, delete] -- apiGroups: [""] - resources: [events] - verbs: [create, patch] -- apiGroups: [policy] - resources: [poddisruptionbudgets] - verbs: [create, get, delete] -#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/2a_litmus_rbac.yaml ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: litmus-namespace-scope-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: litmus - # provide unique instance-id if applicable - # app.kubernetes.io/instance: litmus-abcxzy - app.kubernetes.io/version: v1.13.6 - app.kubernetes.io/component: operator-role - app.kubernetes.io/part-of: litmus - app.kubernetes.io/managed-by: kubectl - name: litmus-namespace-scope-for-litmusportal-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: [replicationcontrollers, secrets] - verbs: [get, list] -- apiGroups: [apps.openshift.io] - resources: [deploymentconfigs] - verbs: [get, list] -- apiGroups: [apps] - resources: [deployments, daemonsets, replicasets, statefulsets] - verbs: [get, list, update] -- apiGroups: [batch] - resources: [jobs] - verbs: [get, list, create, deletecollection] -- apiGroups: [argoproj.io] - resources: [rollouts] - verbs: [get, list] -- apiGroups: [""] - resources: [pods, pods/exec, configmaps, events, services] - verbs: [get, create, update, patch, delete, list, watch, deletecollection] -- apiGroups: [litmuschaos.io] - resources: [chaosengines, chaosexperiments, chaosresults] - verbs: [get, create, update, patch, delete, list, watch, deletecollection] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines/finalizers"] - verbs: ["update"] -- apiGroups: [ "coordination.k8s.io" ] - resources: [ "leases" ] - verbs: [ "get","create","list","update","delete" ] -#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/3a_agents_rbac.yaml ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: subscriber-role-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - name: subscriber-role-for-{{ include "litmus-portal.name" . }}-server - app.kubernetes.io/component: subscriber-role-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: [configmaps, secrets] - verbs: [get, create, delete, update] - - - apiGroups: [""] - resources: [pods/log] - verbs: [get, list, watch] - - - apiGroups: [""] - resources: [pods, services] - verbs: [get, list, watch] - - - apiGroups: [litmuschaos.io] - resources: [chaosengines, chaosschedules, chaosresults] - verbs: [get, list, create, delete, update, watch] - - - apiGroups: [apps.openshift.io] - resources: [deploymentconfigs] - verbs: [get, list] - - - apiGroups: [apps] - resources: [deployments, daemonsets, replicasets, statefulsets] - verbs: [get, list, delete, deletecollection] - - - apiGroups: [argoproj.io] - resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, rollouts] - verbs: [get, list, create, delete, update, watch] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: litmus-admin-role-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - name: litmus-admin-role-for-{{ include "litmus-portal.name" . }}-server - app.kubernetes.io/component: litmus-admin-role-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: - # *************************************************************************************** - # Permissions needed for preparing and monitor the chaos resources by chaos-runner - # *************************************************************************************** - - # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment.. - ## .. by creating the chaos-runner - - # for creating and monitoring the chaos-runner pods - - apiGroups: [""] - resources: [pods, events] - verbs: [create, delete, get, list, patch, update, deletecollection] - - # for fetching configmaps and secrets to inject into chaos-runner pod (if specified) - - apiGroups: [""] - resources: [secrets, configmaps] - verbs: [get, list] - - # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner - - apiGroups: [""] - resources: [pods/log] - verbs: [get, list, watch] - - # for configuring and monitor the experiment job by chaos-runner pod - - apiGroups: [batch] - resources: [jobs] - verbs: [create, list, get, delete, deletecollection] - - # ******************************************************************** - # Permissions needed for creation and discovery of chaos experiments - # ******************************************************************** - - # The helper pods are created by experiment to perform the actual chaos injection ... - # ... for a period of chaos duration - - # for creating and deleting the helper or target app pod and events by experiment - - apiGroups: [""] - resources: [pods] - verbs: [create, delete, deletecollection] - - # for creating and monitoring the events for chaos operations - - apiGroups: [""] - resources: [events] - verbs: [create, delete, get, list, patch, update, deletecollection] - - # for monitoring the helper and target app pod - - apiGroups: [""] - resources: [pods] - verbs: [get, list, patch, update] - - # for creating and managing to execute comands inside target container - - apiGroups: [""] - resources: [pods/exec, pods/eviction, replicationcontrollers] - verbs: [get, list, create] - - # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment - - apiGroups: [""] - resources: [pods/log] - verbs: [get, list, watch] - - # for creating and monitoring liveness services or monitoring target app services during chaos injection - - apiGroups: [""] - resources: [services] - verbs: [create, delete, get, list, delete, deletecollection] - - # for checking the app parent resources as deployments or sts and are eligible chaos candidates - - apiGroups: [apps] - resources: [deployments, statefulsets] - verbs: [list, get, patch, update, create, delete] - - # for checking the app parent resources as replicasets and are eligible chaos candidates - - apiGroups: [apps] - resources: [replicasets] - verbs: [list, get] - - # for checking the app parent resources as deamonsets and are eligible chaos candidates - - apiGroups: [apps] - resources: [daemonsets] - verbs: [list, get, delete] - - # for checking (openshift) app parent resources if they are eligible chaos candidates - - apiGroups: [apps.openshift.io] - resources: [deploymentconfigs] - verbs: [list, get] - - # for checking (argo) app parent resources if they are eligible chaos candidates - - apiGroups: [argoproj.io] - resources: [rollouts] - verbs: [list, get] - - # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow - - apiGroups: [litmuschaos.io] - resources: [chaosengines, chaosexperiments, chaosresults] - verbs: [create, list, get, patch, update, delete] - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: chaos-role-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: chaos-role-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: - # for managing the pods created by workflow controller to implement individual steps in the workflow - - apiGroups: [""] - resources: [pods, services] - verbs: [create, get, watch, patch, delete, list] - - # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow - - apiGroups: [""] - resources: [pods/log, secrets, configmaps] - verbs: [get, watch, create, delete, patch] - - # for creation & deletion of application in predefined workflows - - apiGroups: [apps] - resources: [deployments, statefulsets] - verbs: [get, watch, patch , create, delete] - - # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow - - apiGroups: [litmuschaos.io] - resources: - [chaosengines, chaosexperiments, chaosresults, chaosschedules] - verbs: [create, list, get, patch, delete, watch] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: event-tracker-role-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: event-tracker-role-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -rules: -- apiGroups: [eventtracker.litmuschaos.io] - resources: [eventtrackerpolicies] - verbs: [create, delete, get, list, patch, update, watch] -- apiGroups: [eventtracker.litmuschaos.io] - resources: [eventtrackerpolicies/status] - verbs: [get, patch, update] -- apiGroups: [""] - resources: [pods, configmaps, secrets] - verbs: [get, list, watch] -- apiGroups: [extensions, apps] - resources: [deployments, daemonsets, statefulsets] - verbs: [get, list, watch] -# litmus-server-role is used by the litmusportal-server -# If SELF_AGENT=false, then only litmus-server-role and litmus-server-rb are required. ---- -{{ end }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -302,16 +14,4 @@ rules: - apiGroups: [""] resources: [services, pods/log] verbs: [get, watch] - - apiGroups: [apps] - resources: [deployments] - verbs: [create] - - apiGroups: [""] - resources: [configmaps] - verbs: [get] - - apiGroups: [""] - resources: [serviceaccounts] - verbs: [create] - - apiGroups: [rbac.authorization.k8s.io] - resources: [rolebindings, roles] - verbs: [create] {{ end }} diff --git a/charts/litmus/templates/server-rolebinding.yaml b/charts/litmus/templates/server-rolebinding.yaml index 96406270..75e94fe8 100644 --- a/charts/litmus/templates/server-rolebinding.yaml +++ b/charts/litmus/templates/server-rolebinding.yaml @@ -1,120 +1,4 @@ {{ if eq .Values.portalScope "namespace" }} -{{ if eq .Values.portal.server.graphqlServer.genericEnv.SELF_AGENT "true" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-rb-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: argo-rb-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-role-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} -#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/2a_litmus_rbac.yaml ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: litmus-namespace-scope-rb-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: litmus - # provide unique instance-id if applicable - # app.kubernetes.io/instance: litmus-abcxzy - app.kubernetes.io/version: v1.13.6 - app.kubernetes.io/component: operator-rolebinding - app.kubernetes.io/part-of: litmus - app.kubernetes.io/managed-by: kubectl - name: litmus-namespace-scope-rb-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: litmus-namespace-scope-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} -#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/3a_agents_rbac.yaml ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: subscriber-rb-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: subscriber-rb-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: subscriber-role-for-{{ include "litmus-portal.fullname" . }}-server - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: litmus-admin-rb-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - name: litmus-admin-rb-for-{{ include "litmus-portal.name" . }}-server - app.kubernetes.io/component: litmus-admin-rb-for-{{ include "litmus-portal.name" . }}-server - {{- include "litmus-portal.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: litmus-admin-role-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: chaos-rb-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - name: chaos-rb-for-{{ include "litmus-portal.name" . }}-server - app.kubernetes.io/component: chaos-rb-for-{{ include "litmus-portal.name" . }}-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chaos-role-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: event-tracker-rb-for-{{ include "litmus-portal.fullname" . }}-server - namespace: {{ .Release.Namespace }} - labels: - name: event-tracker-rb-for-{{ include "litmus-portal.name" . }}-server - app.kubernetes.io/component: event-tracker-rb-for-{{ include "litmus-portal.name" . }}-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: event-tracker-role-for-{{ include "litmus-portal.fullname" . }}-server -subjects: - - kind: ServiceAccount - name: {{ .Values.portal.server.serviceAccountName }} - namespace: {{ .Release.Namespace }} -# litmus-server-role is used by the litmusportal-server -# If SELF_AGENT=false, then only litmus-server-role and litmus-server-rb are required. ---- -{{ end }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/charts/litmus/values.yaml b/charts/litmus/values.yaml index 4cac25d5..501c5486 100644 --- a/charts/litmus/values.yaml +++ b/charts/litmus/values.yaml @@ -15,7 +15,7 @@ existingSecret: "" adminConfig: JWTSecret: "litmus-portal@123" - VERSION: "3.6.0" + VERSION: "3.7.0" SKIP_SSL_VERIFY: "false" # -- leave empty if uses Mongo DB deployed by this chart DBPASSWORD: "" @@ -61,7 +61,7 @@ upgradeAgent: controlPlane: image: repository: upgrade-agent-cp - tag: "3.6.0" + tag: "3.7.0" pullPolicy: "Always" restartPolicy: OnFailure nodeSelector: {} @@ -105,7 +105,7 @@ portal: # runAsNonRoot: true image: repository: litmusportal-frontend - tag: 3.6.0 + tag: 3.7.0 pullPolicy: "Always" containerPort: 8185 customLabels: {} @@ -206,7 +206,7 @@ portal: readOnlyRootFilesystem: true image: repository: litmusportal-server - tag: 3.6.0 + tag: 3.7.0 pullPolicy: "Always" ports: - name: gql-server @@ -223,23 +223,23 @@ portal: port: 8000 targetPort: 8000 imageEnv: - SUBSCRIBER_IMAGE: "litmusportal-subscriber:3.6.0" - EVENT_TRACKER_IMAGE: "litmusportal-event-tracker:3.6.0" + SUBSCRIBER_IMAGE: "litmusportal-subscriber:3.7.0" + EVENT_TRACKER_IMAGE: "litmusportal-event-tracker:3.7.0" ARGO_WORKFLOW_CONTROLLER_IMAGE: "workflow-controller:v3.3.1" ARGO_WORKFLOW_EXECUTOR_IMAGE: "argoexec:v3.3.1" - LITMUS_CHAOS_OPERATOR_IMAGE: "chaos-operator:3.6.0" - LITMUS_CHAOS_RUNNER_IMAGE: "chaos-runner:3.6.0" - LITMUS_CHAOS_EXPORTER_IMAGE: "chaos-exporter:3.6.0" + LITMUS_CHAOS_OPERATOR_IMAGE: "chaos-operator:3.7.0" + LITMUS_CHAOS_RUNNER_IMAGE: "chaos-runner:3.7.0" + LITMUS_CHAOS_EXPORTER_IMAGE: "chaos-exporter:3.7.0" genericEnv: TLS_SECRET_NAME: "" TLS_CERT_64: "" CONTAINER_RUNTIME_EXECUTOR: "k8sapi" - DEFAULT_HUB_BRANCH_NAME: "v3.6.x" + DEFAULT_HUB_BRANCH_NAME: "v3.7.x" INFRA_DEPLOYMENTS: '["app=chaos-exporter", "name=chaos-operator", "app=event-tracker", "app=workflow-controller"]' LITMUS_AUTH_GRPC_PORT: ":3030" - WORKFLOW_HELPER_IMAGE_VERSION: "3.6.0" + WORKFLOW_HELPER_IMAGE_VERSION: "3.7.0" REMOTE_HUB_MAX_SIZE: "5000000" - INFRA_COMPATIBLE_VERSIONS: '["3.6.0"]' + INFRA_COMPATIBLE_VERSIONS: '["3.7.0"]' # Provide UI endpoint if using namespaced scope CHAOS_CENTER_UI_ENDPOINT: "" resources: @@ -282,7 +282,7 @@ portal: automountServiceAccountToken: false image: repository: litmusportal-auth-server - tag: 3.6.0 + tag: 3.7.0 pullPolicy: "Always" ports: - name: auth-server